- Why BitSight?
BitSight collects best-in-class security data through the largest proprietary data set of any security ratings provider and exclusive partnerships with proven global organizations. Using more than 120 data sources, we provide comprehensive insight into an organization’s security posture to rate performance and identify areas of risk.
Since its founding in 2011, BitSight has consistently delivered security ratings with the greatest depth and breadth of coverage for organizations operating around the globe. BitSight is the most widely used Security Rating Service, with more than 1,500 customers putting our data into action to make integral business and security decisions. Independent third parties have confirmed that BitSight Security Ratings are correlated to the likelihood of a data breach. BitSight invests heavily in research and development to empower customers with objective, verifiable, and actionable security data. We follow a rigorous, multi-month research and evaluation process for each new data source to qualify its accuracy and reliability. We leverage data on compromised systems from our proprietary sinkholing infrastructure — regarded as the largest in the world. Our team also develops strategic partnerships with global data providers to increase the diversity of perspectives that inform corporate, industrial, and sovereign security risk.
Data breaches — especially those originating from compromised third parties and vendors — are on the rise. According to a recent Bomgar study, 67% of organizations have experienced a data breach as a result of vendor access. Today, organizations need security data that clearly puts risk into business context.
BitSight helps organizations understand the risk and likelihood of a data breach. We provide insight into vulnerabilities facing your organization and your third parties. As validated by AIR Worldwide, companies with a BitSight Security Rating of 500 or lower are almost five times more likely to have a breach than those with a rating of 700 or more.
Compromised Systems are devices within an organization's network that are infected with malware. Each separate instance of malware communications, even if it is from the same machine, constitutes a single observation.
We identify and classify compromised systems into the following risk types:
Diligence records demonstrate the steps a company has taken to prevent attacks. We identify and classify diligence risk vectors as follows:
User Behavior examines activities that may introduce malicious software onto a corporate network, for example, by downloading a compromised file. We identify and classify user behavior into the following risk types:
BitSight collects information about publicly disclosed breaches and interruptions to business continuity from a variety of news sources and data breach aggregation services. A breach is attributed to a company when there is significant, publicly disclosed evidence that the company was at fault for the data loss, such as a company-issued disclosure notice or investigation from a credit card company.