This comes at a critical time for security professionals to demonstrate the value of their investments to senior leaders. In spite of record spending on cybersecurity technology in 2021, cyber attacks continue to escalate and cause massive financial damage to organizations across all sizes and sectors. Security and risk professionals face growing pressure from executives and boards to quantify the effectiveness of their investments in reducing risk.
“For far too long, organizational cybersecurity decisions and investments have been influenced by fear and marketing. It is critical for security and risk professionals to leverage data analysis in strategic decision making,” said Jacob Olcott, BitSight’s Vice President of Communications and Government Affairs. “This partnership will produce unique and valuable research to help leaders consider the financial costs and risk reduction benefits of their cybersecurity strategies. We are proud to work closely with the Cambridge Centre for Risk Studies to develop research that will benefit the global risk community.”
CCRS is a research group at the University of Cambridge’s Judge Business School. It provides frameworks for recognizing, assessing and managing the impacts of systemic threats. The Centre’s rigorous scenario-based framework integrates a wide range of threat classes including financial, geopolitical, technology, environmental, social, and governance.
Dr Andrew Coburn, Chief Scientist, Cambridge Centre for Risk Studies, said, “Our work with BitSight will start to integrate quantitative data into the discussion to take the guesswork out of cybersecurity management. This partnership will explore how to reduce the impact of cybersecurity breaches and enable organizations to assess and compare alternative cyber loss reduction strategies on an objective basis to evaluate the effectiveness and value of security expenditure.”
BitSight Security Ratings are an objective measure of an organization’s security performance. Ratings are calculated using a proprietary algorithm that analyzes and classifies externally observable data. They are based on four classes of data—compromised systems, diligence, user behavior, and data breaches. As a data-driven and dynamic measurement of an organization’s cybersecurity performance, ratings are both material and correlated with financial performance.
We are excited to announce the availability of the Moody’s Investor Services 2022 Cyber Risk Outlook. The report, which leverages data provided by BitSight, outlines factors shaping the landscape for cyber risk in 2022. BitSight is...
Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of...