How 400 Organizations Are Using BitSight Security Ratings in their Day-to-Day Processes

Noah Simon | March 9, 2016

BitSight has grown tremendously over the last few years, and we’ve learned a lot about the many ways our customers are using BitSight Security Ratings. With over 400 customers (including 42 Fortune 500 companies) and 2,000 users from diverse industry sectors, companies from around the globe are now using BitSight Security Ratings to gain insight into their security performance. Moreover, companies are using their ratings to identify and mitigate third party risk in addition to any immediate threats emerging on their own networks. Here’s a look at how BitSight has been adopted at organizations across a few industries.

Cyber Insurance

Seven of the top 10 insurers are now using BitSight for a wide variety of purposes. AIR Worldwide (AIR) is using BitSight in effort to build an advanced cyber risk model. Using this model, AIR will help insurers assess and identify risk across entire supply chains to identify single points of failure and mitigate aggregate risk.

AIG has included BitSight in its CyberEdge program that provides AIG cyber insurance clients with access to the BitSight platform and tools to help manage third party vendor risk.


For Christopher Porter, CISO for Fannie Mae, BitSight Security Ratings enable him to run a comprehensive third party risk management program. Detailing his selection and use of BitSight, Chris stated: “We want to have a better continuous monitoring of our third parties in place. Before BitSight, we didn’t have that”.

As the leading source of residential mortgage credit in the United States, Fannie Mae is a very large organization dealing with thousands of vendors. Using BitSight Security Ratings enables Chris and his team to assess and monitor the security posture of third parties at scale. Most importantly Chris had a great deal of confidence in BitSight data.


Private Equity

In today’s threat landscape, private equity firms must understand the security posture across their portfolio. KKR is one of many firms using BitSight to monitor the security its companies which span numerous industries. Many in this industry are also assessing the security of companies they plan to take a stake in order to mitigate risk in advance.

Higher Education

BitSight Security Ratings have been adopted for IT departments at small liberal arts schools and large universities. Chris Schreiber, Information Security Officer at the University of Arizona uses BitSight as part of a cloud-first security strategy to maximize the impact of a limited staff . In addition to benchmarking their security performance to local peers, uses forensic information from BitSight, giving them detailed visibility into malicious activity on their networks. These details are critical when protecting the personally identifiable information (PII) for students and faculty across large networks.


For Jack Nichelson, Director of IT Infrastructure and Security at Chart Industries, BitSight Security Ratings provides detail into the effectiveness of their security program. These insights are used to help decide where to concentrate spending and resources. Jack also relays this information to his board, who ensures that the company is spending and allocating security resources effectively. 


Suggested Posts

What Companies Using Cloud Services Need To Know About Their Risk Responsibilities

Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But...


Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs

Since 2017 BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against...


Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to...


Subscribe to get security news and updates in your inbox.