Celebrating 10 Years of Bitsight: A Co-Founder Looks Back

It’s hard to believe, but Bitsight is celebrating our 10 year anniversary this week! I co-founded Bitsight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global cybersecurity ratings system, I’m surprised that our original thesis and vision still holds true today. It’s been an incredible journey filled with twists and turns, and I wanted to share some thoughts about where we’ve been and where we’re headed in the next decade.

The technology landscape certainly looked different back in 2011. Some of the technologies that have become ubiquitous in our lives were just getting started -- Airbnb and Uber were still in their infancy, Twitter was not quite ubiquitous, and you could still get DVDs in the mail from Netflix. I often say that Bitsight could have only been launched during the era of cloud computing because of all of the data we collect, store, and analyze. Without the emergence of this infrastructure, our vision would not be possible.

Cybersecurity, of course, was very different too. I had spent years prior to grad school working in cybersecurity for the U.S. government so I was aware of many of the challenges that organizations faced (and continue to deal with today). The role of the CISO was almost exclusively a technical position. Even though serious incidents had occurred, there was still very little public awareness of cybersecurity and board-level understanding about security and risk was practically non-existent outside of major financial institutions. If companies had a cybersecurity program (and many didn’t!) they were usually focused on protecting themselves -- few realized that third party vendors and supply chain partners could put them at risk. It wasn’t until major breaches like Target, OPM, and Equifax -- which were still years away -- that companies and executives really began to realize the legal, reputational, and financial implications that cyber incidents could have on their businesses.

Nagarjuna and I founded Bitsight because we were fundamentally focused on improving the state of cybersecurity around the globe. This was part of our original documentation to the National Science Foundation and our original patents founding the space. We believed that a critical challenge was a lack of publicly available, high quality, independent, objective, continuous measurements of cybersecurity performance. Without this data, market participants -- like companies, insurers, investors, and government agencies -- would not be able to factor cybersecurity into their decision-making processes. We believed that if we provided objective, quantitative information about cybersecurity performance then companies, insurers, governments, and investors could use that information to better understand, factor, and price cyber risk into decisions… thereby creating a more secure and resilient global ecosystem.

That’s still our mission at Bitsight. The last decade has been an exciting journey for all of us -- we’ve grown from inhabiting a small, shared office to now employing over 430 people around the world. In many ways, our original thesis has been validated -- there is significant demand for our data across critical market participants including enterprises, insurers, governments, and investors. We’ve seen dramatic growth in customers and revenue over the last decade and I’m so proud to work alongside colleagues who consistently deliver high quality products and support to our 2,000+ customers day-in and day-out:

I’m particularly proud of the following:

• We’ve successfully scaled the technology to now provide security ratings immediately on 40 million companies (and counting) leveraging more than 25 patents we’ve been awarded over the last decade. It’s taken incredible engineering and product work to achieve this from some of the industry’s sharpest minds.
• We’re delivering value and solving real problems by delivering meaningful and accurate performance ratings for some of the most discerning customers in the marketplace. In addition to our 2,000+ customers, more than 50% of global insurance premiums are written by Bitsight customers and 20% of global governments use our data to protect national security. We’re honored to work with such amazing customers and thought leaders.
• We’re widely trusted by the market for our data and our accuracy, and we’re helping to connect the security teams to the boardroom. We’ve published research throughout the decade showing a strong relationship between our security performance ratings and breach probability. Independent researchers have found links between our ratings and financial performance -- companies with strong cybersecurity performance actually deliver up to 7% better returns for investors. These are critical points as cybersecurity becomes a part of every executive and board-level discussion.
• We’re having a positive impact on society. We’ve measurably reduced risk in the ecosystem, including by partnering with international law enforcement to disrupt the world’s largest criminal bot network (Necurs)
• We continue to innovate and expand our product capabilities to help CISOs communicate risk in meaningful ways to their executives and board members. We recently introduced robust financial quantification of cyber risk analysis that allows our customers to communicate about cybersecurity performance in language that the board and senior management can better understand. It’s this type of connection that is helping bring cybersecurity to the forefront of business decisions.

Though we’re 10 years into this journey, in many ways, we’re only at the beginning. Cybersecurity continues to be a challenging, dynamic risk -- just in the last month, organizations have dealt with new attacks targeting ubiquitous software and products, including SolarWinds Orion, Microsoft Exchange, and Pulse Secure. Our work is more important than ever -- and to paraphrase Lincoln’s Gettysburg Address, we have to be dedicated to the great task remaining before us. There is much unfinished business, new risks that will arise, new challenges ahead.

As current and former Bitsight colleagues and friends came together to celebrate the last decade and Bitsight’s incredible growth, I told the team that I’m looking forward to working with them to transform how the world manages cyber risk. I still think we are working on something big, important, and long-lasting. I’m proud of everyone who has helped along the way to make this real. And I can’t wait for the next decade!