New Study Finds Significant Correlation Between Bitsight Analytics and Cybersecurity Incidents

Marsh McLennan and BitSight-Make Better Cybersecurity Decisions with Data Analytics Blog

New research by the Marsh McLennan Cyber Risk Analytics Center (Marsh McLennan) finds 14 Bitsight analytics have statistically significant correlation with cybersecurity incidents. Cybersecurity and cyber risk stakeholders will be able to leverage these insights to prioritize program investments, lower the probability of experiencing an incident, improve cyber insurance underwriting, and make other critical risk decisions.

Click here to learn the 14 Bitsight Analytics Significantly Correlated with Cyber Incidents

Marsh McLennan analyzed Bitsight security performance data across 365,000 organizations and its own proprietary cybersecurity incidents and claims database from 2018-2021, comparing the security performance data of thousands of organizations that experienced cybersecurity incidents against those that did not. The study concluded that poor performance in certain areas – including the Bitsight Security Rating and 13 risk vectors – increased an organization’s risk of experiencing a cybersecurity incident, while strong performance implied a lower risk of incident.

“After comparing the security performance data of thousands of organizations that experienced cybersecurity incidents against those that did not, we identified a statistically significant correlation between Bitsight Security Ratings and the likelihood of a cybersecurity incident,” said Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan.

Of the 14 Bitsight analytics significantly correlated with cybersecurity incidents, Bitsight’s Patching Cadence risk vector ranked number one. The Patching Cadence risk vector measures how many systems within an organization’s network are affected by important vulnerabilities, and how quickly the organization remediates them. Organizations with poor performance in this area are significantly more likely to experience a cybersecurity incident.

Rapid changes in the cybersecurity landscape have created a renewed sense among stakeholders of how to reduce the likelihood of business-impacting cybersecurity incidents and strengthen cyber resilience. With the stakes higher than ever, market participants can benefit from analytics that demonstrate which cybersecurity improvements are likely to yield the highest impact. Cybersecurity and cyber risk stakeholders are encouraged to leverage these findings to better serve their respective stakeholders and make more informed and data-backed decisions.

For more information about the study and/or Bitsight’s capabilities please contact Bitsight.

Check out our On-Demand webinar to hear more about this research from Bitsight experts. Download here.

Read the data science white paper to gain an advanced understanding of these groundbreaking findings. Download here.