Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
Based on security performance data of hundreds of thousands of global organizations, Peer Analytics gives security and risk leaders visibility into the relative performance of their cybersecurity programs against a meaningful set of peers. These analytics help them set achievable performance targets based on their Bitsight Security Rating, effectively allocate limited resources, and efficiently prioritize security efforts with a focus on continuous program improvement.
Peer Analytics provides companies with a more granular view of their security rating. It is based on hundreds or thousands of companies (a broader set of similar organizations), which allows you to see where there are gaps in your security performance: at the ratings level, risk vector grade level, and at the vector detail event level.
Peer Analytics: Analyze, Prioritize, Act
Today, security and risk leaders use Peer Analytics to:
Set achievable security goals based on relative performance withi
When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to start when evaluating performance in certain areas.
An increasing number of security and risk teams are using security ratings to effectively assess the impact of their security programs as well as communicate changes to key decision makers — like the Board of Directors. These teams know that their company needs tools that provide an objective and quantitative view of their cybersecurity performance over time.
In a 2017 survey of almost 1,300 CEOs conducted by PwC, 63% of respondents said they were “extremely concerned” about cyber threats — up from just 8% in 2013.
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.
Most organizations are accustomed to benchmarking certain business areas like sales, profits, and resource allocation. These areas all have one thing in common — they are easily measured with simple, quantifiable metrics.
Effective cybersecurity involves regularly assessing the effectiveness of your organization’s policies, tools, and processes to ensure you’re staying ahead of the curve. In order to gain insight into your cybersecurity performance, you need clear, continuous, actionable metrics that you can track over time and compare to peers, competitors, and across business units.
In today’s evolving cyber risk landscape, Boards of Directors are becoming increasingly concerned about their company’s security performance. In fact, the NACD has found that 89% of public companies and 72% of private companies regularly discuss security at Board meetings. While they are asking for updates on enterprise cybersecurity posture more often, they do not necessarily have the expertise or experience to know what to ask for — or how to interpret the technical information presented to them.
Quantifying and tracking your cybersecurity performance so you can compare your organization to others, also known as benchmarking, is necessary for improving the effectiveness of your security programs.
As a member of your company’s board, you know that cybersecurity is a critical risk that simply cannot be ignored, and that should be reported on regularly by the appropriate executives. According to the 2017 NACD Director’s Handbook on Cyber-Risk Oversight, 89 percent of public-company directors say cybersecurity is discussed regularly in board meetings, and 72 percent of private-company directors say the same. Most companies are clearly moving in the right direction.
Last week, Bitsight released our new Security Rating Snapshot report.
In 2015, Bitsight published a report, Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant Breach. In that report, researchers discovered that companies with botnet grades of ‘B’ or lower were more than twice as likely to experience a significant data breach. Now, two years after that study, researchers examined more than 70,000 organizations and found similar results, including additional risk vectors that correlate to an increased likelihood of an organization experiencing a breach. Organizations have begun to take action based on these findings by communicating with trusted third parties who are likely to experience a data breach based on their security posture.
Since our founding in 2011 as the first company to provide a rating for measuring a company’s cybersecurity, Bitsight has become the world-leading security ratings provider. Bitsight is used around the world by industry leaders, country governance systems, and smaller organizations alike to take control of their cyber footprint, using safe and objective rating techniques. What does Bitsight do to stand apart from others in the security industry?
PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.