Examining The Growing Cyber Risk Gap

Dave Fachetti | November 17, 2017

In today’s business world, the desire to transact in the digital realm is dramatically accelerating and, unfortunately, so is the cyber risk that one takes on as a result. Organizations that handle sensitive data are more likely to become the targets of hackers who are looking to exploit this information stored within their network. Businesses now find themselves exposed to a growing “Cyber Risk Gap.” This gap is the outcome of the combined impact of the following:  

1. An increasing and changing set of risk/threat vectors. 

Today, more than ever, there are innumerable ways for bad actors to penetrate business organizations. This was displayed over the past year with events like WannaCry and other ransomware attacks that caused business disruption as well as significant data compromise. Taking this into account, companies must be able to guard themselves against these increasing varieties/types of threats.

2. A higher volume of new vendors. 

Organizations do business with more vendors than ever before — their ecosystem expands to include both their third parties and fourth parties. Subsequently, this means they take on the risk associated with these organizations — and there can be up to hundreds of thousands of these business partners. These third and fourth parties are liabilities because they have the ability to access your network, and vice versa. Today, the supply chain is fragmenting; it’s easier to do business online, and with that comes the threat of exposure to vendors’ networks that are not secure.

3. A Cyber Risk assessment process that is labor intensive, qualitative in nature, and unable to scale.

When creating a risk management strategy, it’s most important to have assessment processes in place that can scale to meet the growing number of vendors that work with your business. Traditionally, assessment approaches like penetration tests and questionnaires are qualitative and episodic — they can only analyze risk at a certain point in time. While an important part of the risk management process, these labor intensive processes are not able to scale to meet the volume and timing requirements of the current risk environment.

It’s critical that organizations put into place assessments that are qualitative, quantitative, and continuous. BitSight Security Ratings meet the critical emerging need for continuous quantitative analysis to augment the episodic, qualitative assessments. When proactively mitigating risk, it’s crucial to have a standard measurement tool for both internal and third-party risk. BitSight Security Ratings help provide a quantitative measurement that reflects the dynamic nature of your business ecosystem: always changing and growing rapidly.
