The Future Is Cyber Risk Intelligence

Risk is expanding faster than most organizations can measure it, communicate it, and act on it. The convergence of AI, an ever-expanding attack surface, and deep, often hidden supply chain risks—extending into third-, fourth-, and fifth-party connections—all pose strategic and material risks to companies. Security leaders are ultimately looking for better ways to identify risk, prioritize action, and support stronger risk decisions across the entire business ecosystem.

This is the world we built Bitsight for. This week, we are proud to announce that Bitsight has been named a Leader in The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2026.

According to Forrester’s evaluation, Bitsight achieved the highest possible scores across 11 criteria, the most of any vendor evaluated. Specifically, we received the highest score in the Current Offering category and tied for the top score in the Strategy category. In our opinion, we are clearly separated from any competitor in the market.

We believe this recognition validates Bitsight’s leadership and reflects our focus: building an intelligent platform that doesn’t just measure risk, but delivers insights to help organizations reduce it. As the Forrester report notes, the “real value of CRR platforms is in the data and intelligence underlying a rating and their ability to surface actionable risk findings when this data is used correctly.” We are excited to receive important recognition from Forrester as we continue to shape the future of cybersecurity through Cyber Risk Intelligence.

The rise of Cyber Risk Intelligence

While we celebrate our position as a Leader in the Cybersecurity Risk Rating Platforms category, we are committed to shifting the market’s focus to a new, broader category: Cyber Risk Intelligence (CRI).

We define Cyber Risk Intelligence as a data-driven approach to addressing modern cyber risk. It is the ability to bring deep data about an organization’s extended attack surface (including their 3rd/4th/nth party supply chain risk and broader business ecosystem), plus their exposures, vulnerabilities, and threat actor activity together into one platform. This approach unlocks the underlying intelligence behind the powerful metric of the rating, combining a real-time understanding of the attack surface with the business context needed to assess significance and take action. The goal is to create a platform and meaningful analytics to help organizations understand, prioritize, and remediate cyber risk.

Forrester itself recognizes the need for this evolution, noting that Security and Risk (S&R) professionals find huge value in the data and intelligence underlying a rating. Platforms must be able to surface these actionable risk findings and deliver them to reduce risk. As the market matures, vendors are evolving their roadmaps to focus on gleaning better insights and delivering them as findings that concretely reduce customer risk.

Bitsight’s vision: The CRI Platform

We are actively investing in our platform to deliver a comprehensive suite of Cyber Risk Intelligence solutions.

The basis of any intelligent platform is data. Data breadth, depth, and quality are critical because they provide the backbone for the insights that enable risk reduction. True risk management depends on trusted, correlated, and important inputs. Accurate asset attribution, strong data coverage, transparent methodology, and security performance analytics are not technical details: they are the foundation for critical decisions affecting remediation priorities, third-party oversight, and executive confidence. In The Forrester Wave™, customers praised the utility of Bitsight’s data across their programs.

The Bitsight CRI Platform is a living, actionable “map” of assets, exposures, and threats across the open, deep, and dark web. It is designed to help teams focus on the exposures and nth party risks that matter most right now, enriched with threat context and peer benchmarking on millions of organizations.

Our platform delivers this vision by combining key intelligence components:

• Extended attack surface: Includes on-premise, cloud, subsidiaries, IPs, domains, Shadow IT, and 3rd and 4th parties.
• Exposure and vulnerabilities: Details CVEs, open ports, malware, ransomware, outdated software, SSL Configuration, and DMARC.
• Threat intelligence: Provides insights on threat actors, APTs, Indicators of Compromise (IOCs), stolen credentials, and surveillance of the deep and dark web.
• Business context: Layers on context around products, software, services, business purpose, and asset importance.

AI is becoming a force multiplier across our platform. Not as a standalone capability, but as an amplifier of the differentiated data we’ve built over more than a decade. Our unique combination of exposure data, supply chain intelligence, and threat intelligence creates a foundation that AI can reason on top of to deliver differentiated outcomes for customers.

We are applying AI across this foundation to help customers move faster and with more confidence, surfacing what matters, connecting signals across domains, and reducing the noise that slows teams down. The result is not just more automation, but better decisions.

We believe the power of AI in cybersecurity is directly tied to the quality and depth of the underlying data. That’s why we are investing aggressively in applying AI across our datasets to unlock new insights, drive prioritization, and ultimately help our 3,500+ customers stay ahead of risk.

Looking forward

We are excited to see Forrester recognize platforms that support real risk reduction. With this recognition, we believe Forrester is validating Bitsight’s approach of focusing on outcomes and high-quality intelligence is the true way forward.

Moving ahead, we are doubling down on what matters most. For governance leaders, that means continuing to strengthen the CRI Platform as the foundation for smarter, risk-based decisions. For security teams, it means investing to enable faster, more decisive action against real exposure. This recognition isn’t a finish line, for us, it’s validation of what we’re building toward.

We encourage you to read the report and speak with us about how the Bitsight CRI Platform can help your organization move beyond measuring risk to decisively reducing it.