Why We Collaborated with Verizon on the Verizon Risk Report

When 1+1 Truly Equals 3

Recently, Verizon announced the Verizon Risk Report (VRR), a new managed service offering that provides a security assessment framework to enable customers to gain a comprehensive view of their cyber risk. By combining external cybersecurity ratings, internal analysis, and culture and process assessments, Verizon is able to provide customers with a holistic profile of security performance and current posture, enabling customer to prioritize security investment and mitigate risks.

The launch of this innovative service underscores Verizon’s commitment to remaining a market- leading managed security service provider (MSSP) and shifting the security conversation away from a solutions and tools-oriented approach to a more strategic one around managing dynamic cyber risk. As a leader in security ratings, BitSight is aware that quantitative external measurement is a critical component to understanding, prioritizing and mitigating cyber risk. Verizon is committed to leveraging their leading data while BitSight Security Ratings serves as an objective, consistent standard for organizations (and the market) to reconcile to.

When BitSight began to discuss and develop a joint vision centered around this idea with Verizon last year, it was clear to us that this was something that we should not only support but help advance. We knew this could dramatically move forward the way companies prioritize and allocate resources to address cyber risk; a security rating is a core part of most assessment, risk, and security conversations. We are firm believers in the phrase, “if you can measure it, you can improve it.” The VRR is a powerful manifestation of that concept.

BitSight Security Ratings’ role in the VRR is to provide an objective, industry-standard view of an organization’s security performance as part of an overall comprehensive 360 degree view. This includes quantitative and qualitative assessments. The Verizon Risk Report arms customers with BitSight ratings and other external data which, alongside internal data from security tools and process assessments, will provide customers with a comprehensive view of their security performance. Customers will be able to access BitSight Security Ratings and risk vector grades within the VRR, as well as drill down into more detail on forensics. Within the VRR, Verizon leverages their proprietary Data Breach Investigations Report (DBIR) industry insights to drive additional actionability for the customer. For example, users will be able to see BitSight risk vectors that are prioritized by industry threat patterns from data that Verizon collects in the DBIR.

The Verizon Risk Report closely aligns with BitSight’s mission to bring quantitative measurement and data to cyber risk decision making. BitSight and Verizon plan to continually invest to combine our leading expertise and data to drive additional value for customers. Ongoing areas of investment include data science collaboration to better understand the relationship between external and internal security performance measurement, the creation of algorithms to correlate BitSight data to data collected by Verizon via third party tools, and other activities meant to drive new insights and value for customers. This unique relationship will enable both organizations to continue to help customers prioritize and allocate resources to reduce risk through data-driven insights.

The VRR is an industry-shifting approach to how organizations are able to measure and prioritize their own risk and allocate security spend accordingly. We are excited to collaborate with Verizon as it highlights our growth as a global company and as the leader in objective, data-driven security ratings.

How well do you know your security posture? Find out with the Verizon Risk Report.