
Why Historical Security Data Matters in Vendor Risk Management

Noah Simon | October 22, 2015

In today’s cyber threat landscape, organizations must know how secure they are at any given time. One of the most important questions that security professionals and risk managers can ask is “how secure am I right now?”

However, there is an equally important question: “how has my security posture changed over the past year?” Organizations must first ensure they have controls in place to reduce the likelihood of cyberattacks; however, security resources and spend may not be efficiently allocated if those organizations are not looking back in time to measure the effectiveness of their efforts. This cannot be done without historical security metrics.

This concept also applies to vendor risk management. A vendor or supplier may be secure today, but have they had security incidents in the past? How has their performance changed over time? Are there incidents that have caused changes in their performance? How are they responding to those issues now? Without historical data that spans a year or more, organizations may be placing trust in third parties with unknown vulnerabilities, exposing themselves to significant cyber risk.

Historical security data is not unlike historical stock prices. Most people would not invest in a company if they could only see today’s stock price. As any researcher or analyst knows: context is everything. Savvy investors look at stock indexes that span back at least one year. And while many investors know not to overreact to small fluctuations in stock prices, they know that price history is an important baseline for decision making.


The same is true for vendor risk management. With historical context about an organization’s security posture, security and risk teams can make critical business decisions with utmost confidence. Without it, organizations may be flying blind.

Download Guide: 5 Ways Vendor Risk Management Programs Leave You In The Dark

Ignoring a vendor's security posture over time is just one way you can be left in the dark. Download this guide to learn what else may be putting your organization at risk.
