Frequently asked questions 2023

Contact details in case you have any questions:

KSV1870 Nimbusec GmbH, +43 (732) / 860 626, Kaisergasse 16b, 4020 Linz

What are the benefits for customers?
  • Users of the CyberRisk Rating by KSV1870 receive a standardised process to rate all service providers, suppliers and other third parties concerning their cyber risk.
  • Rated companies receive an efficient, objective process that only needs to be carried out once a year to disclose their cyber risk to all interested customers.
    Through the published standard of the "Kompetenzzentrum Sicheres Österreich", rated companies can positively influence their cyber risk management.
  • All companies receive a guideline, free of charge, in order to be able to reduce their own cyber risk in a targeted and structured manner. This guideline is continuously maintained by Austria's most recognised experts and adapted to new technical requirements.
  • Austria's economy becomes more resilient by reducing the cyber risk of its supply chains. This is the basis for the necessary digitalisation to maintain our international competitiveness.
What does the CyberRisk Rating by KSV1870 cost?
  • Companies that are rated do not have to bear any costs.
  • Currently, the CyberRisk Rating is only offered for large companies and critical infrastructure.
  • If you are interested in more information, we will be happy to call you back. (Please order a callback with your contact details at
Where can the CRR be used?
  • The CyberRisk Rating by KSV1870 is based on the requirements of the Cyber Risk Scheme of the "Kompetenzzentrum Sicheres Österreich".
  • These requirements were defined by leading cyber risk managers of Austrian companies from all sectors of critical infrastructure and representatives of the Federal Ministry of Internal Affairs.
  • The CyberRisk Rating can therefore be used in every industry and economic sector in which an assessment of the cyber risk of companies - especially suppliers - is necessary.
  • In particular, operators of essential services are legally obliged under Section 11 (1) (2) in conjunction with Annex 1 NISV to take appropriate security precautions with regard to their dealings with service providers, suppliers and other third parties. The present CyberRisk Rating by KSV1870 aims at fulfilling this requirement (monitoring of suppliers of an energy group or an airport), but does not replace the necessary proof of an operator of essential services according to § 17 para. 3 NISG (= comprehensive audit of an operator of essential services such as an energy group or an airport itself).

Does the CRR affect the KSV1870 rating?
  • The CRR is an independent product that currently has no direct impact on the KSV1870 rating.
  • However, KSV1870 expects that the CyberRisk Rating will be used by KSV1870 customers in addition to the KSV1870 Rating. The trend of digitalisation will strengthen this development in the future.
How does the CyberRisk Rating process work?

The CyberRisk Rating assessment takes about one hour and consists of two parts:

  1. For each requirement of the Cyber Risk Scheme, it must be stated whether the requirement is fulfilled (yes/no).
  2. In order to ensure the traceability and plausibility of the self-assessment, the organisations must provide a description for each question as to how the requirement is specifically fulfilled in the organisation and which evidence can be provided if necessary.

Kompetenzzentrum Sicheres Österreich:
Cyber Risk Scheme: