How Secure Are America's Largest Business Partners?

Melissa Stevens | March 8, 2017

Fortune 1000 organizations are known for generating significant amounts of revenue. Yet beyond bringing in a considerable amount of money, these companies are also integral to the supply chains of many organizations around the world. Recognizing this, BitSight researchers set out to understand the security strengths and weaknesses found in Fortune 1000 companies. Companies that share data and network access with these organizations should be cognizant of the common cyber risks found within them, and use this insight to better inform their third-party risk management programs.

Rating the Security Performance of Fortune 1000 Companies

How do Fortune 1000 companies perform in comparison to similar organizations? To answer this question, BitSight studied Fortune 1000 companies alongside “Non-F1000 companies” (a random sample of 2,500 companies with a similar industry breakdown, and with at least 2,500 employees).

Security Ratings of Fortune 1000 companies

At the high end of the spectrum, Fortune 1000 companies are performing on par with similar Non-F1000 organizations. Twenty-five percent of companies in both sets have BitSight Security Ratings above 750, placing them in BitSight’s Advanced category (ratings that span from 740-900). However, the median rating for Fortune 1000 is 700 while the median rating for Non-F1000 companies is 730. At the bottom end of the spectrum, 69% of Fortune 1000 companies perform above BitSight’s Basic category (which spans ratings of 250-640). This is lower than Non-F1000 companies, for which 73% of companies fall above this category.

Rate of System Compromises

A primary reason Fortune 1000 companies have a lower median BitSight Security Rating is that a larger percentage of these organizations exhibit system compromises on their networks. (To see which system compromises are most prevalent, grab a copy of the report here!) As of December 2016, 30% of Fortune 1000 companies had system compromises on their networks. System compromises were seen on just 21% of Non-F1000 companies.

System Compromises Fortune 1000 companies

Rate of Breach

Lastly, BitSight observed that 4.9% of Fortune 1000 companies experienced a publicly disclosed breach within the last 15 months. This is nearly double the rate we observed in our other set of 2,500 companies, of which 2.75% disclosed a data breach. One likely factor is that Fortune 1000 organizations possess the types of data that make them more likely to have a legal obligation to disclose a breach. Nonetheless, the difference in the rate of breach illustrates the great risks faced by these large companies.

What actions should Fortune 1000 companies and their business partners take in order to reduce cyber risk? Download the latest BitSight Insights report to find out.