Study Finds Significant Correlation Between BitSight Analytics and Cybersecurity Incidents
BitSight, the Standard in Security Ratings, has released results from an independent study which found fourteen BitSight analytics, including the BitSight Security Rating, and thirteen BitSight risk vectors, to be correlated with cybersecurity incidents. The study concluded that cybersecurity performance deficiencies in the identified areas increases an organization’s risk of experiencing a cybersecurity incident, while strong performance implies a lower risk of an incident occurring.
The study was conducted by the Marsh McLennan Cyber Risk Analytics Center, which brings together the cyber risk data and analytics expertise of Marsh McLennan’s businesses, Marsh, Guy Carpenter, Mercer and Oliver Wyman. Marsh McLennan independently determined the methodology and analyzed BitSight’s security performance data on 365,000 organizations and Marsh McLennan’s proprietary cybersecurity incidents and claims information.
Recommended AI: Top 10 Martech Platforms Every Marketing Team Love Having in their Stack
“After comparing the security performance data of thousands of organizations that experienced cybersecurity incidents against those that did not, we identified a statistically significant correlation between BitSight Security Ratings as well as certain BitSight risk vectors and the likelihood of a cybersecurity incident,” said Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Analytics Center.
The marketplace has historically struggled to establish a data-driven relationship between poor cybersecurity performance and the increased likelihood of cybersecurity incidents. Demonstrating how quantitative performance measurements created by BitSight correlate to the likelihood of a cybersecurity incident show that BitSight’s cybersecurity analytics can assist security, business, and insurance leaders in making more informed and data-backed decisions.
Recommended AI: Microsoft 365 Security Features Protect Business Data from Evolving Threats
“The findings from this critical study confirm the value of BitSight’s Security Ratings and analytics,” said Stephen Harvey, chief executive officer, BitSight. “Our goal has always been to provide leaders with insightful data to help drive smarter decisions around cybersecurity. We anticipate this research will be used to augment the market’s cybersecurity decision making, and now those in the marketplace can be more confident that our data effectively assesses the cyber risk of organizations and provides actionable insights when creating or managing a cybersecurity program.”
The fourteen analytics with measured correlation cover a diverse set of security concerns including – Endpoint Management and Malware Detection, Vulnerability Management, Secure Communications, and User Training and Awareness. One critical finding from the report concerns the importance of an organization’s patching initiatives. Many organizations struggle to effectively deploy patches when a new vulnerability is identified. BitSight measures how many systems within an organization’s network are affected by important vulnerabilities, and how quickly the organization remediates them. Marsh McLennan found that an organization’s patching cadence, as measured by BitSight, was correlated to the likelihood of experiencing a cybersecurity incident.
Recommended AI: Consider Your DOOH Buying Methods Wisely: Direct Sales vs. Programmatic Buying
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.