Annual BitSight Insights Industry Analysis Report Rates Cyber Security Performance of Finance, Federal Government, Retail, Energy and Utilities, Healthcare and Education Industries
BitSight Technologies, the standard in Security Ratings, today released the third annual BitSight Insights Industry Benchmark report, which analyzed Security Ratings of nearly 10,000 organizations in six industries – finance, federal government, retail, energy and utilities, healthcare and education. The objective was to highlight quantifiable differences in security performance across industries from August 1, 2014 to August 1, 2015. The study revealed: challenging performance trends in the critical energy and utilities sector, the federal government (despite recent headlines) as a high performing industry second only to finance, and widespread POODLE and FREAK vulnerabilities across industries.
“There is no question that energy and utility systems are vulnerable and will be attacked. Organizations will never be able to protect against everything, but they need to continuously monitor their security posture in order to identify and mitigate issues before too much damage is done,” said Stephen Boyer, co-founder and CTO of BitSight. “Benchmarking can also serve as a key indicator of security performance, allowing an organization to better understand their own posture, as well as that of the third parties with which they share their data. Given recent headlines that illustrate this security gap, we must look beyond our own companies and focus attention on those that access our information.”
BitSight uses publicly accessible data to rate companies’ security performance on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution, and email server configuration, are assessed for severity, frequency and duration and used to generate objective Security Ratings. BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. Industry ratings are calculated using a simple average of the BitSight Security Ratings of companies in that sector.
Energy and Utilities are performing lower than the Retail sector
The Federal Government - currently in the spotlight in the wake of the Office of Personnel Management mega breach - is the second highest performing sector
While companies across all industries have mostly updated their servers to protect against Heartbleed, many have failed to act when it comes to POODLE and FREAK
Year-over-year, leaders and laggards remain the same
To download a full copy of the BitSight Insights report, visit http://bitsig.ht/1FbyHe0.
About BitSight Technologies
BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third-party risk, benchmark performance, and assess and negotiate cyber insurance premiums. Based in Cambridge, MA, BitSight is backed by the National Science Foundation, Globespan Capital Partners, Menlo Ventures, Flybridge Capital Partners, Comcast Ventures, Commonwealth Capital Ventures, and Liberty Global Ventures. For more information, please visit www.bitsighttech.com or follow @BitSight on Twitter.