BitSight, the Standard in Security Ratings, today released a new report titled, “The Buck Stops Where? Assessing The Cybersecurity Performance of the Finance Supply Chain.” The report analyzes the finance industry, a leading industry in managing third-party cyber risk, to assess the security of its supply chain. BitSight data scientists found that in most cases, companies in the finance industry supply chain are not meeting the same security standards that finance companies hold for their own organizations.
“While finance organizations tend to have more sophisticated vendor risk management programs, there is a lot of work to be done to close the performance gap between their own organizations and their immediate business ecosystem,” said Stephen Boyer, co-founder and CTO of BitSight. “The findings of this report are not only relevant for the finance sector, but for companies across all industries who share data with and rely upon external business services. Organizations should scrutinize the security culture and controls of their third and fourth parties. Ensuring that your vendor’s systems are up-to-date and that their employees are not engaging in risky peer-to-peer file sharing is one way to reduce immediate third party cyber risk.”
The spread of BitSight Security Ratings amongst Finance Firms and monitored Legal, Technology, and Business Services organizations as of September 1st, 2017.
As part of the study, BitSight researchers evaluated the security posture of more than 5,200 legal, technology (information technology and software providers), and business services (accounting, human resources, management consulting and outsourcing) organizations across the globe, whose security ratings are tracked and monitored by hundreds of finance firms using the BitSight Security Rating platform. These industries represent a set of critical vendors and business partners for any organization, and the findings are designed to help security and risk professionals shape the way they monitor vendors in order to identify immediate risks that may impact their organization.
Using evidence of security incidents from networks around the world, the BitSight Security Ratings Platform applies sophisticated algorithms to produce daily security ratings for organizations, ranging from 250 to 900, where higher ratings equate to lower risk. Previous studies from BitSight, independently verified by third parties, show that companies with a Security Rating of 500 or lower are almost five times more likely to experience a publicly disclosed breach than companies with a Security Rating of 700 or higher. Studies also show that organizations with a higher frequency of botnet infections (that is, actual system compromises) experience a higher likelihood of breach.
To download a full copy of the BitSight Insights report, including recommendations based on the findings, visit http://bitsig.ht/2ypzRkJ.
BitSight is transforming how companies manage information security risk with trusted, time-tested and actionable security ratings. Founded in 2011, the company built its Security Ratings Platform to continuously analyze vast amounts of external data on security issues and behaviors in order to help organizations manage third-party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Seven of the top 10 cyber insurers, 80 Fortune 500 companies, and 3 of the top 5 investment banks rely on BitSight to manage cyber risks. For more information, please visit www.bitsighttech.com, read our blog or follow @BitSight on Twitter.