CyberRisk Rating 

EU-GDPR and EU-NIS require professional cyber risk management from all organizations, especially those critical for a country's infrastructure and their suppliers. With ever increasing network complexities in digital supply chains the Austrian CyberRisk Rating enables any organization to evaluate their suppliers worldwide and uncover hidden risks based on an industry standard maintained by KSÖ with respect to EU directive 2016/1148 (NIS) and EU directive 2016/679 (GDPR).


Who can customers contact?

Nimbusec GmbH, a subsidiary of KSV1870
+43 (732) / 860 626
Fadingerstraße 15, 4020 Linz

What does the CyberRisk Rating by KSV1870 cost?

  • There is no cost for companies that are evaluated.

  • Currently, CyberRisk Rating is only offered for large and critical infrastructure companies.

  • If you are interested in more information, please send your request and contact information to, we will gladly call you back.

What are the benefits for customers?

  • Users of the CyberRisk Rating by KSV1870 receive a standardized process to evaluate all service providers, suppliers and other third parties with regard to their cyber risk.

  • Rated companies receive an efficient, objective process that only needs to be performed once to disclose their cyber risk to all interested customers for one year. Due to the open standard of the Austrian Safeguard Board, evaluated companies can positively influence their cyber risk in a targeted manner.

  • All companies receive a free guideline to reduce their own cyber risk in a targeted and structured way. This guideline is continuously maintained by the most recognized experts in Austria and adapted to new technical requirements.

  • Austria's economy becomes more resilient by reducing the cyber risk of its supply chains. This is the basis for the digitization necessary to maintain our international competitiveness.

Where or in which industries and areas can the CRR be used? In all companies, regardless of size?

  • The CyberRisk Rating by KSV1870 is based on the requirements of the CyberRisk Scheme of the Board of Kuratorium Sicheres Österreich.

  • These requirements were defined by leading Cyber Risk managers of Austrian companies from all sectors of critical infrastructure and representatives of the Federal Ministry of the Interior.

  • The CyberRisk Rating can therefore be used in every industry and every economic sector where an assessment of the cyber risk of companies - especially suppliers - is necessary.

  • In particular, operators of essential services are legally obliged pursuant to § 11 para. 1 Z 2 in conjunction with Annex 1 NISV to take appropriate security measures with regard to their dealings with service providers, suppliers and other third parties. The present CyberRisk Rating by KSV1870 aims at fulfilling this requirement (Monitoring of suppliers of an energy company or an airport), but does not replace the necessary proof of an operator of essential services according to § 17 para. 3 NISG (= Comprehensive examination of an operator of essential services such as an energy company or an airport itself).

Does the CRR affect the KSV1870 rating?

  • The CRR is an independent product that currently has no direct influence on the KSV1870 rating.

  • However, KSV1870 expects that the CyberRisk Rating will be used by KSV1870 customers as a supplement to the KSV1870 Rating as an information basis for a wide range of business decisions. The megatrend digitalization will further strengthen this development in the future.

How does it work and how long does it take to process and implement?

The CyberRisk Rating assessment takes about one hour and consists of two parts:

  • For each requirement of the Cyber Risk Scheme (point 7) it must be stated whether the requirement is met (Yes/No).

  • In order to ensure the traceability and plausibility of the self-assessment, the organizations must provide a description of how the requirement is actually fulfilled in the organization for each question and what evidence can be presented if necessary.

You want to learn more about the Austrian CyberRisk Rating?

Get in touch with our team! 

trusted by: