BitSight Announces Appointment of Michael Cusumano, Distinguished Professor of Management at MIT, as Risk Industry’s First Security Ratings Ombudsman


Reporting to the BitSight Customer Advisory Board, Ombudsman to oversee business practices and appeals for ratings

BitSight Technologies, the standard in Security Ratings, today announced the appointment of Michael Cusumano as the industry’s first ombudsman. Mr. Cusumano, the Sloan Management Review Distinguished Professor of Management at the Massachusetts Institute of Technology's Sloan School of Management, will serve as an independent party reporting directly to the BitSight Customer Advisory Board. He will be responsible for evaluating ratings policies, ensuring adherence to them, and aiding in the appeals process.

Named as one of the most influential people in technology and IT by, Professor Cusumano is a Board director of several companies and has consulted for more than 90 organizations worldwide including IBM, Ford, Nokia, and Fidelity. He has published dozens of books and publications on the topic of strategy and organizational development that have had a major impact on the high technology industry.

BitSight’s flagship Security Ratings platform uses terabytes of publicly accessible data to rate the security performance of companies in various vertical industries across the world. Organizations are rated daily on a scale from 250 to 900. All rated companies, whether BitSight customers or not, can request a formal review of their ratings. If they are not satisfied with the results of the review, they will now be able to initiate an additional review with the ombudsman.

“Organizations depend on Security Ratings for managing third-party vendor risk, presenting important security information to the board, and underwriting cyber insurance. The integrity of the ratings and the ratings organization itself are both critical,” said Shaun McConnon, CEO of BitSight. “Conflicts of interests can undermine the reputations of ratings agencies, and that is why we don’t share sensitive ratings details with third parties or discuss the specific ratings of companies in public forums. From day one, we have been committed to being objective and ensuring our process is consistent and unbiased. Adding an ombudsman further validates our position as a true ratings company.”

Prerequisites and business practices necessary for a security ratings agency include:

  1. Provide transparency about the process.
  2. Standardize treatment for customers and non-customers.
  3. Practice responsible disclosure, including not sharing sensitive information with third parties.
  4. Provide a robust appeals process.
  5. Offer assistance from an independent ombudsman as needed.
  6. Accept payment only from the company purchasing a rating, not the company being rated (although a company can buy its own rating).
  7. Facilitate participation and engagement with standards bodies and regulators.

For more information regarding BitSight’s policies, please visit:

About Michael Cusumano

Michael A. Cusumano is the Sloan Management Review Distinguished Professor of Management at the Massachusetts Institute of Technology's Sloan School of Management, with a joint appointment in the MIT Engineering Systems Division. He specializes in strategy, product development, and entrepreneurship in the computer software industry, as well as automobiles and consumer electronics. He teaches courses on Software & Internet Entrepreneurship as well as Advanced Strategic Management. For more information, please visit

About BitSight Technologies

BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third-party risk, benchmark performance, and assess and negotiate cyber insurance premiums. Based in Cambridge, MA, BitSight is backed by the National Science Foundation, Globespan Capital Partners, Menlo Ventures, Flybridge Capital Partners, Comcast Ventures, Commonwealth Capital Ventures, Liberty Global Ventures, Shaun McConnon, and Singtel Innovate. For more information, please visit, read our blog or follow @BitSight on Twitter.