The governance of the cyber risk rating schemes lies in the hands of the Cyber Risk Advisory Board, which consists of leading cybersecurity experts from large Operators of essential Services from all sectors according to the NIS directive (banks, energy providers, healthcare providers, digital services, etc.). Additionally, there are representatives of the competent NIS authority in the Cyber Risk Advisory Board. Therefore it is not only guaranteed that the requirements of the Cyber Risk Rating are technically according to state of the art, but they also comply with the security requirements of large enterprises as well as the competent authorities.
The scheme is subject to an ongoing review and improvement, to reflect the ever changing requirements of the cybersecurity domain.