BitSight Insights

How Secure Are America's Largest Business Partners?

Melissa Stevens | March 8, 2017

Fortune 1000 organizations are acknowledged for generating significant amounts of revenue. Yet beyond bringing in a considerable amount of money, these companies are also integral to the supply chains of many organizations around the world. Recognizing this, BitSight researchers set out to understand the security strengths and weaknesses found in Fortune 1000 companies. Companies that share data and network access with these organizations should be cognizant of the common cyber risks found within them, and use this insight to better inform their third-party risk management programs.

Rating the Security Performance of Fortune 1000 Companies

How do Fortune 1000 companies perform in comparison to similar organizations? To answer this question, BitSight studied Fortune 1000 companies alongside “Non-F1000 companies” (a random sample of 2,500 companies with a similar industry breakdown, and with at least 2,500 employees).

Security Ratings of Fortune 1000 companies

At the high end of the spectrum, Fortune 1000 companies are performing on par with similar Non-F1000 organizations. Twenty-five percent of companies in both sets have BitSight Security Ratings above 750, placing them in BitSight’s Advanced category (ratings that span from 740-900). However, the median rating for Fortune 1000 is 700 while the median rating for Non-F1000 companies is 730. At the bottom end of the spectrum, 69% of Fortune 1000 companies perform above BitSight’s Basic category (which spans ratings of 250-640). This is lower than Non-F1000 companies, for which 73% of companies fall above this category.

Rate of System Compromises

A primary reason Fortune 1000 companies have a lower median BitSight Security Rating is that a larger percentage of these organizations exhibit system compromises on their networks. (To see which system compromises are most prevalent, grab a copy of the report here!) As of December 2016, 30% of Fortune 1000 companies had system compromises on their networks. System compromises were seen on just 21% of Non-F1000 companies.

System Compromises Fortune 1000 companies

Rate of Breach

Lastly, BitSight observed that 4.9% of Fortune 1000 companies experienced a publicly disclosed breach within the last 15 months. This is nearly double the rate we observed in our other set of 2,500 companies, for which 2.75% of companies disclosed a data breach. A likely factor may be that Fortune 1000 organizations possess the types of data that make them more likely to have a legal obligation to disclose a breach. Nonetheless, the difference in the rate of breach illustrates the great risks faced by these large companies.

What actions should Fortune 1000 companies and their business partners take in order to reduce cyber risk? Download the latest BitSight Insights report to find out.
