Cambridge Centre for Risk Studies and BitSight Partner on Cybersecurity Economics

Andrew Burton | October 25, 2021 | tag: BitSight Security Research

We are excited to announce a new research partnership with the Cambridge Centre for Risk Studies (CCRS). Our joint research will analyze the relationship between organizational cybersecurity investments and risk reduction. 

The partnership combines BitSight’s cybersecurity performance data and the CCRS’s sophisticated risk and incident modeling to help organizations evaluate security and risk management decisions and measure the efficacy of their investments in reducing risk.

This comes at a critical time for security professionals to demonstrate the value of their investments to senior leaders. In spite of record spending on cybersecurity technology in 2021, cyber attacks continue to escalate and cause massive financial damage to organizations across all sizes and sectors. Security and risk professionals face growing pressure from executives and boards to quantify the effectiveness of their investments in reducing risk.

“For far too long, organizational cybersecurity decisions and investments have been influenced by fear and marketing. It is critical for security and risk professionals to leverage data analysis in strategic decision making,” said Jacob Olcott, BitSight’s Vice President of Communications and Government Affairs. “This partnership will produce unique and valuable research to help leaders consider the financial costs and risk reduction benefits of their cybersecurity strategies. We are proud to work closely with the Cambridge Centre for Risk Studies to develop research that will benefit the global risk community.”

CCRS is a research group at the University of Cambridge’s Judge Business School. It provides frameworks for recognizing, assessing and managing the impacts of systemic threats. The Centre’s rigorous scenario-based framework integrates a wide range of threat classes including financial, geopolitical, technology, environmental, social, and governance. 

Dr Andrew Coburn, Chief Scientist, Cambridge Centre for Risk Studies, said, “Our work with BitSight will start to integrate quantitative data into the discussion to take the guesswork out of cybersecurity management. This partnership will explore how to reduce the impact of cybersecurity breaches and enable organizations to assess and compare alternative cyber loss reduction strategies on an objective basis to evaluate the effectiveness and value of security expenditure.”

BitSight Security Ratings are an objective measure of an organization’s security performance. Ratings are calculated using a proprietary algorithm that analyzes and classifies externally observable data. They are based on four classes of data—compromised systems, diligence, user behavior, and data breaches. As a data-driven and dynamic measurement of an organization’s cybersecurity performance, ratings are both material and correlated with financial performance.

