Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.

InSights Blog
Gartner Predicts 2022: Cybersecurity Leaders Are Losing Control in a Distributed Ecosystem

This report from Gartner reveals cybersecurity predictions about culture, the evolution of a leader’s role, third-party exposure, and the board’s perception of cyber risk. Download the report to learn key findings, market implications, and recommendations.

BitSight teamed with Moody’s Investors Service to discuss the cybersecurity trends to watch in 2023 and how security leaders can adapt their programs to increase preparedness.

Cyber risk quantification methods can help you talk about risk in terms of business and financial impacts. Here’s how to find the right method for your organization.

Launching in 2023, representatives from the public and private sectors intend to form a labeling system where products are rated based on their cybersecurity.

Discover the performance areas policymakers should begin measuring, why these are important and how they should collect the data.

While security ratings are a great way to demonstrate that you’re paying attention to the cyber health of the organization, you also need to show that you’re adhering to industry and regulatory best practices for IT security and making informed decisions for the long term. A cybersecurity framework can help.

The NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.

New guidance from the U.S. National Institute of Standards and Technology (NIST) provides important information for organizations seeking to improve their software supply chain security. NIST recommends a variety of best practices.

The federal government is using every tool possible to deter and disrupt retaliatory cyberattacks against critical national infrastructure. With the Strengthening American Cybersecurity Act, agencies are required to report cybersecurity incidents within a 72-hour period. Learn more.

Are organizations prepared to meet new cyber incident disclosure requirements? The latest report from BitSight's data analysts shows it might be easier said than done.

Rapidly evolving risk and the digitization of banking are creating new threats. Here are three cybersecurity in banking trends to watch this year.

The Digital Operational Resilience Act is set to go into action in early 2022. Learn how BitSight can help your organization meet the compliance requirements.

What does your organization consider an acceptable level of inherent cyber risk in its vendor portfolio? Learn how to establish that threshold and focus resources where they’re needed most.

As cyber threats evolve and business models change, maintaining a mature cybersecurity program can be challenging. You need to be confident that your organization’s current security tools and techniques are effective.

If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls they stipulate, let's break down key cyber compliance regulations by industry.

BitSight, the Standard in Security Ratings, has established itself as not only a clear leader in security ratings but now also in the burgeoning field of data privacy.
In an effort to demonstrate to its customers how seriously it takes protecting their data, and to lead the market to implement more comprehensive data privacy systems and practices, BitSight is now the proud recipient of TrustArc’s TRUSTe APEC CBPR Enterprise Certification and the TRUSTe APEC PRP Enterprise Certification.
In order to receive this designation, BitSight completed a demanding certification process based on a comprehensive set of requirements governing data privacy management practices, including the privacy standards set forth in the APEC Cross Border Privacy Rules (CBPR) and the APEC Privacy Recognition for Processors (PRP) Systems. These practices are further detailed in the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.