Will Healthcare Be the Next Retail?

Sonali Shah | May 28, 2014 | tag: BitSight

Today BitSight released a new BitSight Insights Report. Our objective in publishing these reports is to share findings from analysis conducted on the terabytes of security-incident data we gather on a daily basis. Due to our unique outside-in approach to measuring security performance, we are able to assess performance by company, industry and region without any intrusive testing. This latest BitSight Insights discusses the security performance of four industries - Finance, Utilities, Retail and Healthcare & Pharmaceuticals. We looked at the BitSight Security Ratings for companies in the S&P 500 Index that belong to these industries over a one year period (April 2013 to March 2014). BitSight Security Ratings (link to overview datasheet) are calculated daily and range from 250 to 900, with the higher rating representing a better security performance. Our findings may be surprising for some, and validation for others. Finance performed the best, followed closely by utilities. Retail rated third and healthcare and pharmaceuticals came in last.


Below is a brief summary of findings by industry.

Finance tops the list. The Security Rating for the finance industry was the highest of all of the industries analyzed, averaging 765 in March 2014. This industry had the shortest average event duration suggesting that this sector is quicker to detect and respond to cyber threats than others. Given the executive level focus on cyber security and associated large budgets to mitigate security risk, this finding comes as no surprise.

Utilities also shine bright. The average Security Rating for the utilities sector was 751 in March 2014. Like finance, the range of ratings within the utilities sector is relatively narrow, meaning the majority of companies are high performers. This certainly came as a surprise to many, given all the media attention on the need to improve the security of our critical infrastructure. However, according to cyber security experts in the utility sector, the largest utilities (particularly the ones in the S&P 500 Index) are quite diligent in managing cyber risk

Retail’s poor performance continues. Of the four industries, retail is the only one that ended the time period with a lower Security Rating than the beginning of the period. The average rating in March 2014 was 685. With all the recent breach announcements in this sector, Target, Neiman Marcus, Michaels and now Lowes, this finding comes as no surprise.

Healthcare and pharmaceuticals demonstrate signs of serious illness. Healthcare and pharmaceuticals saw an increase over the time period, but still came in last with an average Security Rating of 660 in March 2014. Like the retail sector, the spread in performance across the industry is large, implying that there are many companies that are seriously underperforming.

Suggested Posts

Celebrating 10 Years of BitSight: A Co-Founder Looks Back

It’s hard to believe, but BitSight is celebrating our 10 year anniversary this week! I co-founded BitSight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global...


Meet Our Customer Success Team: Ashley Ritrovato

Check out this Q&A with a US-based member of BitSight's Customer Success team to learn about her role as an BitSight Advisor & Customer Success Manager, her experience, and more.


Meet Our Customer Success Team: Alessandra Pilloni

Check out this Q&A with a London-based member of BitSight's Customer Success team to learn about her role as an Customer Success Manager, her experience, and more.


Get the Weekly Cybersecurity Newsletter.