IISRI® AI powered CyberRank External Ratings

Ranking the Best, Setting the Standard



Security Ratings and their significance

Security ratings are invaluable tools for organizations seeking to assess their security posture or evaluate suppliers during acquisition or merger processes. While certifications like ISO 27001, PCI DSS, and SOC2 provide a solid foundation, they offer limited insight into the effectiveness of security controls.
At IISRI®, we advocate for transparency in information security and privacy ratings. By publicly showcasing these ratings, organizations are motivated to continuously enhance their security and privacy measures, thereby safeguarding sensitive data. This transparency fosters a culture of accountability and improvement, driving collective efforts towards robust information security practices.


IISRI® CyberRank Awards

The IISRI® CyberRank Awards are an annual celebration of global excellence in cybersecurity, recognizing organizations for their exceptional achievements in external security posture. These awards honor the Top 10 companies across key industry sectors, highlighting their leadership in safeguarding sensitive data and mitigating cyber risks. Winners of the IISRI® CyberRank Awards enjoy exclusive, invite-only recognition with an all-expenses-paid experience for the top-performing organizations. This prestigious accolade not only boosts industry credibility but also showcases their commitment to best-in-class cybersecurity practices. While the 2025 awards will take place in Bali, the IISRI® CyberRank Awards are an ongoing initiative held annually, celebrating organizations worldwide that excel in their CyberRank assessments. At present, the awards focus exclusively on external cybersecurity posture, as rated by the rigorous CyberRank Rating System. The IISRI® CyberRank Awards go beyond individual recognition—they serve as a platform to inspire collaboration and innovation, shaping the future of cybersecurity across industries. Stay informed about upcoming events and awards programs, and register your interest here. Be part of the global movement driving cybersecurity excellence forward.

Rating Scale

Rating Meaning Mark Risk
AAA All information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and privacy risks are being managed and objectives are met. Excellent None to minimal
AA Almost all information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Very good Very low
A Almost all information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. A few specific control weaknesses have been noted. Minor additional work on information security or privacy is recommended. Good Low
BBB Main information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. A few specific control weaknesses have been noted. Minor additional work on information security or privacy is recommended. Satisfactory Low
BB Main information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Some specific control weaknesses have been noted. Moderate additional work on information security or privacy is recommended. Sufficient Moderate
B Some information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Many specific control weaknesses have been noted. Major additional work on information security or privacy is highly recommended. Moderate Moderate
CCC Main information security and/or privacy controls are unlikely to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Major work on information security or privacy is highly recommended. Insufficient High
CC Almost all information security and/or privacy controls are unlikely to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Major work on information security or privacy is highly recommended. Very insufficient High
C Almost all information security and/or privacy controls are unlikely to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Major work or complete new program on information security and/or privacy is required. Poor Very high
D All information security and/or privacy controls are not providing any assurance that security and/or privacy risks are being managed and objectives are met. Complete new program on information security and/or privacy is required. Very poor Almost certain

The rating reflects the publicly available information security or privacy maturity level of an assessed organization at a specific moment in time. IISRI® CyberRank provides daily updates, monitoring, and insights, showcasing which organizations achieve the top CyberRank each day!



This website uses cookies. You can find our Privacy Policy here. If you don‘t agree with it, please leave this website.
I agree