Cambridge Centre for Risk Studies and BitSight Partner on Cybersecurity Economics

We are excited to announce a new research partnership with the Cambridge Centre for Risk Studies (CCRS). Our joint research will analyze the relationship between organizational cybersecurity investments and risk reduction. 

The partnership combines BitSight’s cybersecurity performance data and the CCRS’s sophisticated risk and incident modeling to help organizations evaluate security and risk management decisions and measure the efficacy of their investments in reducing risk.

This comes at a critical time for security professionals to demonstrate the value of their investments to senior leaders. In spite of record spending on cybersecurity technology in 2021, cyber attacks continue to escalate and cause massive financial damage to organizations across all sizes and sectors. Security and risk professionals face growing pressure from executives and boards to quantify the effectiveness of their investments in reducing risk.

“For far too long, organizational cybersecurity decisions and investments have been influenced by fear and marketing. It is critical for security and risk professionals to leverage data analysis in strategic decision making,” said Jacob Olcott, BitSight’s Vice President of Communications and Government Affairs. “This partnership will produce unique and valuable research to help leaders consider the financial costs and risk reduction benefits of their cybersecurity strategies. We are proud to work closely with the Cambridge Centre for Risk Studies to develop research that will benefit the global risk community.”

Financial Quantification of Cyber Risk eBook

Learn how BitSight Financial Quantification for Enterprise Cyber Risk empowers you to streamline your process for quantifying risk, make more informed business decisions, and report to the board effectively.

Read The eBook
Button Arrow

CCRS is a research group at the University of Cambridge’s Judge Business School. It provides frameworks for recognizing, assessing and managing the impacts of systemic threats. The Centre’s rigorous scenario-based framework integrates a wide range of threat classes including financial, geopolitical, technology, environmental, social, and governance. 

Dr Andrew Coburn, Chief Scientist, Cambridge Centre for Risk Studies, said, “Our work with BitSight will start to integrate quantitative data into the discussion to take the guesswork out of cybersecurity management. This partnership will explore how to reduce the impact of cybersecurity breaches and enable organizations to assess and compare alternative cyber loss reduction strategies on an objective basis to evaluate the effectiveness and value of security expenditure.”

BitSight Security Ratings are an objective measure of an organization’s security performance. Ratings are calculated using a proprietary algorithm that analyzes and classifies externally observable data. They are based on four classes of cybersecurity data—compromised systems, diligence, user behavior, and data breaches. As a data-driven and dynamic measurement of an organization’s cybersecurity performance, ratings are both material and correlated with financial performance.