Will Healthcare Be the Next Retail?

Sonali Shah | May 28, 2014

Today BitSight released a new BitSight Insights Report. Our objective in publishing these reports is to share findings from analysis conducted on the terabytes of security-incident data we gather on a daily basis. Due to our unique outside-in approach to measuring security performance, we are able to assess performance by company, industry and region without any intrusive testing. This latest BitSight Insights discusses the security performance of four industries - Finance, Utilities, Retail and Healthcare & Pharmaceuticals. We looked at the BitSight Security Ratings for companies in the S&P 500 Index that belong to these industries over a one-year period (April 2013 to March 2014). BitSight Security Ratings are calculated daily and range from 250 to 900, with a higher rating representing better security performance. Our findings may be surprising for some, and validation for others. Finance performed the best, followed closely by utilities. Retail rated third, and healthcare and pharmaceuticals came in last.


Below is a brief summary of findings by industry.

Finance tops the list. The Security Rating for the finance industry was the highest of all of the industries analyzed, averaging 765 in March 2014. This industry had the shortest average event duration, suggesting that this sector is quicker to detect and respond to cyber threats than others. Given the executive-level focus on cyber security and associated large budgets to mitigate security risk, this finding comes as no surprise.

Utilities also shine bright. The average Security Rating for the utilities sector was 751 in March 2014. Like finance, the range of ratings within the utilities sector is relatively narrow, meaning the majority of companies are high performers. This certainly came as a surprise to many, given all the media attention on the need to improve the security of our critical infrastructure. However, according to cyber security experts in the utility sector, the largest utilities (particularly the ones in the S&P 500 Index) are quite diligent in managing cyber risk.

Retail’s poor performance continues. Of the four industries, retail is the only one that ended the time period with a lower Security Rating than at the beginning of the period. The average rating in March 2014 was 685. With all the recent breach announcements in this sector (Target, Neiman Marcus, Michaels and now Lowes), this finding comes as no surprise.

Healthcare and pharmaceuticals demonstrate signs of serious illness. Healthcare and pharmaceuticals saw an increase over the time period, but still came in last with an average Security Rating of 660 in March 2014. Like the retail sector, the spread in performance across the industry is large, implying that there are many companies that are seriously underperforming.
