Security Ratings

Why We Collaborated with Verizon on the Verizon Risk Report

Dave Fachetti | May 9, 2018

When 1+1 Truly Equals 3

Recently, Verizon announced the Verizon Risk Report (VRR), a new managed service offering that provides a security assessment framework to enable customers to gain a comprehensive view of their cyber risk. By combining external cybersecurity ratings, internal analysis, and culture and process assessments, Verizon is able to provide customers with a holistic profile of security performance and current posture, enabling customer to prioritize security investment and mitigate risks.

The launch of this innovative service underscores Verizon’s commitment to remaining a market- leading managed security service provider (MSSP) and shifting the security conversation away from a solutions and tools-oriented approach to a more strategic one around managing dynamic cyber risk. As a leader in security ratings, BitSight is aware that quantitative external measurement is a critical component to understanding, prioritizing and mitigating cyber risk. Verizon is committed to leveraging their leading data while BitSight Security Ratings serves as an objective, consistent standard for organizations (and the market) to reconcile to.

When BitSight began to discuss and develop a joint vision centered around this idea with Verizon last year, it was clear to us that this was something that we should not only support but help advance. We knew this could dramatically move forward the way companies prioritize and allocate resources to address cyber risk; a security rating is a core part of most assessment, risk, and security conversations. We are firm believers in the phrase, “if you can measure it, you can improve it.” The VRR is a powerful manifestation of that concept.

BitSight Security Ratings’ role in the VRR is to provide an objective, industry-standard view of an organization’s security performance as part of an overall comprehensive 360 degree view. This includes quantitative and qualitative assessments. The Verizon Risk Report arms customers with BitSight ratings and other external data which, alongside internal data from security tools and process assessments, will provide customers with a comprehensive view of their security performance. Customers will be able to access BitSight Security Ratings and risk vector grades within the VRR, as well as drill down into more detail on forensics. Within the VRR, Verizon leverages their proprietary Data Breach Investigations Report (DBIR) industry insights to drive additional actionability for the customer. For example, users will be able to see BitSight risk vectors that are prioritized by industry threat patterns from data that Verizon collects in the DBIR.

The Verizon Risk Report closely aligns with BitSight’s mission to bring quantitative measurement and data to cyber risk decision making. BitSight and Verizon plan to continually invest to combine our leading expertise and data to drive additional value for customers. Ongoing areas of investment include data science collaboration to better understand the relationship between external and internal security performance measurement, the creation of algorithms to correlate BitSight data to data collected by Verizon via third party tools, and other activities meant to drive new insights and value for customers. This unique relationship will enable both organizations to continue to help customers prioritize and allocate resources to reduce risk through data-driven insights.

The VRR is an industry-shifting approach to how organizations are able to measure and prioritize their own risk and allocate security spend accordingly. We are excited to collaborate with Verizon as it highlights our growth as a global company and as the leader in objective, data-driven security ratings.

How well do you know your security posture? Find out with the Verizon Risk Report.

Suggested Posts

BitSight Study: Healthcare Sector is Far Too Vulnerable to Cyber Threats

Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical...


What Boards of Directors Are Missing about Cybersecurity

Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise —...


Research Paper Validates Security Ratings’ Correlation to Likelihood of Breach

This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former BitSight data scientist, Jay Jacobs, as well as fellow academics...


Subscribe to get security news and updates in your inbox.