Independent Study Confirms Continuous Monitoring Gives Organizations Greater Control of Vendor Risk Management

83 Percent of North American and European Organizations Find Continuous Monitoring to be Very to Extremely Valuable in Understanding Their Vendors’ Security Posture

BitSight, the Standard in Security Ratings, today released the results of a March 2018 commissioned study conducted by Forrester Consulting titled “Take Control of Vendor Risk Management Through Continuous Monitoring.” The findings reveal that current methods for managing third-party risk are inefficient and that companies must adopt continuous monitoring to detect security and risk issues to better understand their vendors’ cybersecurity posture and overall risk posed to their business.

“I believe this study validates what we’ve always known: continuous monitoring is critical for effective vendor risk management,” stated Tom Turner, CEO of BitSight. “Understanding the security performance of your third-party ecosystem in real time enables companies to make better risk decisions quicker and at scale. With 1,000 customers actively monitoring and engaging with over 100,000 third parties, BitSight is driving innovation that we believe closely aligns with the findings of this study.”

The study surveyed 251 IT, risk, compliance and security decision makers in North America and Europe. Participants included managers, directors, vice presidents and C-level executives from organizations ranging from 1,000 to over 20,000 employees.

Key Findings:

  • It typically takes between two weeks and two months to adequately assess a vendor’s cybersecurity posture. It took 88% of organizations over two weeks to assess vendors’ cybersecurity using manual methods, leaving many organizations exposed to security control and performance gaps.
  • Outside vendor analytics are important. 87% of firms said a mixture of in-house analytics and analytics from an outside vendor is very to extremely important when assessing third-party cyber risk management.
  • Firms recognize the value of continuous monitoring. 83% of firms said more frequent or continuous monitoring of their vendors’ cybersecurity posture would be very to extremely valuable.
  • Continuous monitoring is more than an annual survey. 49% of firms believe a key benefit of better third-party cyber risk management is improved vendor communication.
  • Firms are making the connection between continuous monitoring and improved security. 51% of firms believe a key benefit of third-party cyber risk management is improving collaboration to remediate security issues.

To download a full copy of the study, please visit

About BitSight

Founded in 2011, BitSight transforms how organizations manage information security risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Organizations worldwide, including seven of the top 10 cyber insurers, 20% of Fortune 500 companies, and 3 of the top 5 investment banks use BitSight’s proven Security Ratings technology on a daily basis to make integral risk and business decisions. With over 1,000 customers and the largest ecosystem of users and information, BitSight is the most widely used Security Ratings Service. For more information, please visit, read our blog or follow @BitSight on Twitter.