BitSight Insights: Are Energy and Utilities At Risk of a Major Breach?

Noah Simon | September 22, 2015

Today BitSight published our third annual industry benchmarking report: Are Energy and Utilities At Risk of a Major Breach? This report illustrates the latest security performance of the Finance, Federal Government, Retail, Energy and Utilities, Healthcare, and Education industries. All of these industries hold sensitive data, and as a result they are targets for hackers. As we do for all of our BitSight Insights, let's dive into how each sector performed.


Energy and Utilities 

The Energy and Utilities industry remained relatively unchanged from last year's mean rating. As of August 2015, the average rating for this industry was 652. As more devices are becoming networked in this industry, security challenges will only grow in the future (more on this in an upcoming blog).

Federal Government

This year's benchmarking report is the first to include the Federal Government. Cybersecurity in this space has been in the spotlight, especially given the OPM breach in July in which 21.5 million records were stolen. We've highlighted how the government faces great challenges in mitigating third-party risk. Despite these challenges, this sector had the second-highest average of all the industries observed in this study, with an average BitSight Security Rating of 688.



Retail

2014 was dubbed by many as "the year of the retailer breach". So how did the industry fare this year? The mean BitSight Security Rating for Retail was 684, an improvement from last year's 674 mean rating. A recent BDO survey showed that 56% of retailers are investing more in cybersecurity.


Education

This year's mean BitSight Security Rating for Education was 554. It is also the second year in a row that the industry rating dropped during school months. Stephen Boyer, CTO and Cofounder, recently said that the industry's main challenges are tight budgets, a lack of control, and an extensive bring-your-own-device (BYOD) climate.


Healthcare

The mean rating for this industry was 634. Many of the biggest data breaches this year occurred in this sector: Anthem Insurance (37.5 million records stolen), Premera (11 million records stolen), and UCLA Health System (4.5 million records lost).


Finance

As in all of the industry benchmarking reports we have published so far, Finance remains the top performer. The industry's mean rating was 716, in line with its rating of 712 last year. Financial firms have made significant investments in cybersecurity: a recent PwC survey showed the industry plans to spend $2 billion on security over the next two years. Companies like Bank of America also recognize the importance of analyzing security metrics to improve the detection and mitigation of cyber attacks.

Interested in the full analysis for these industries?

Download the third annual industry benchmark report to learn how vulnerable each industry is to common SSL bugs, as well as the unique security challenges each industry faces.
