BitSight Insights: Are Energy and Utilities At Risk of a Major Breach?

Today BitSight published our third annual industry benchmarking report: Are Energy and Utilities At Risk of a Major Breach? This report illustrates the latest security performance of the Finance, Federal Government, Retail, Energy and Utilities, Healthcare, and Education industries. All of these industries hold sensitive data, and as a result they are targets for hackers. As we do for all of our BitSight Insights, let’s dive into how each sector performed.


Energy and Utilities

The Energy and Utilities industry remained relatively unchanged from last year's mean rating. As of August 2015, the average rating for this industry was 652. As more devices are becoming networked in this industry, security challenges will only grow in the future (more on this in an upcoming blog).

Federal Government

This year’s benchmarking report is the first to include the Federal Government. Cybersecurity in this space has been in the spotlight, especially given the OPM breach in July in which 21.5 million records were stolen. We’ve highlighted how the government faces great challenges in mitigating third-party risk. Despite these challenges, this sector had the second-highest rating of all the industries observed in this study, with an average BitSight Security Rating of 688.



Retail

2014 was dubbed by many as “the year of the retailer breach”. So how did the industry fare this year? The mean BitSight Security Rating for Retail was 684, an improvement from last year’s 674 mean rating. A recent BDO survey showed that 56% of retailers are investing more in cybersecurity.


Education

This year’s mean BitSight Security Rating for Education was 554. It is also the second year in a row that the industry rating dropped during school months. Stephen Boyer, CTO and Cofounder, has recently said that the industry’s main challenges are tight budgets, a lack of control, and an extensive bring-your-own-device (BYOD) climate.


Healthcare

The mean rating for this industry was 634. Many of the biggest data breaches this year occurred in this sector: Anthem Insurance (37.5 million records stolen), Premera (11 million records stolen), and UCLA Health System (4.5 million records lost).


Finance

As in all of the industry benchmarking reports we have published so far, Finance remains the top performer. The industry’s mean rating was 716, in line with its rating of 712 last year. Financial firms have made significant investments in cybersecurity: a recent PwC survey showed the industry plans to spend $2 billion in security over the next two years. Companies like Bank of America also recognize the importance of analyzing security metrics to improve the detection and mitigation of cyber attacks.

Interested in the full analysis for these industries?

Download the third annual industry benchmark report to learn how vulnerable each industry is to common SSL bugs, as well as the unique security challenges each industry faces.