Cyber risk scores can be expressed numerically, much like a credit score, or can be presented as percentages, with 100 percent representing complete visibility into all cybersecurity vulnerabilities of the organization. The score shows what percent of the risk has been satisfied by controls, such as effective patch management and monitoring tools. An organization’s accepted risk will depend on its cybersecurity budget, the ease of mitigating known vulnerabilities and its risk tolerance. The first step in creating a cyber risk score is developing a picture of the risk inherent throughout your organization by prioritizing IT assets and assessing the risk factor for each.