Understand Your Security Rating

Common questions and answers about BitSight Security Ratings



Over 2,100 organizations are using BitSight Security Ratings to continuously monitor cyber risk in their business ecosystem. Using an approach similar to credit ratings for financial risk, BitSight customers are able to gain insight into the security posture of third parties as well as their own organization. BitSight Security Ratings are calculated on a scale of 250-900 with a higher rating indicating better security performance.



Frequently Asked Questions


What is BitSight?

BitSight is a Security Ratings Company that gives organizations access to reports that provide visibility into their own cyber security performance. Reports are based on continuous monitoring of externally visible, objective, verifiable and actionable security events. One could describe this as a continuous "criminal's-eye view" of your organization.

Learn more about the ratings methodology and governance process.

How does BitSight calculate Security Ratings?

In this document we outline the principles and methodology behind BitSight Security Ratings, including:

  • Objectives
  • Comparison With Other Rating Systems
  • The Ratings Process
  • Network Mapping
  • Risk Vectors, Grading and Weighting
  • ...and more

Read the full document to learn more


What can I use BitSight for?

As a part of this program you can use BitSight to:

  • Gain visibility into your security posture, consisting of 23 risk vectors
  • Validate and manage your digital (cloud) footprint
  • Use the underlying data to immediately prioritize and remediate your risk
  • Benchmark your organization's security rating against the vertical you belong to
  • Use the security event data to improve the underlying processes that are now in place in your organization to ensure endpoint protection, configuration of internet-facing assets, email security, etc.
  • Discover shadow IT and unknown risk
  • Continuously monitor your (cloud) infrastructure and the risk related to it
  • Communicate more easily to different stakeholders about your organization's security posture

How are Security Ratings verified?

BitSight believes in the value of cybersecurity ratings because we know they represent more than just what’s happening within your attack surface. As the only cybersecurity rating independently verified by external organizations, BitSight takes program and vendor risk management a step further to ensure companies are equipped with a trusted view of their cybersecurity hygiene.


How are Security Ratings disputes handled?

This document highlights our dispute resolution process for any rated entity (organization that has been rated by BitSight), including:

  • Disputing Data and Findings
  • Ratings and Calculation Disputes
  • Appeals and Adjudication

Read the full document to learn more


How can I get training to operate with the platform?

To bring you and your team up to speed with how to use and understand the information available in the BitSight platform and your report, BitSight has designed educational content available through BitSight Academy, BitSight Connect, and the BitSight Knowledge Base. Additionally, BitSight will invite you to a webinar that will be planned specifically for participants of this program.

Why was I sent a BitSight report?

You may have received a BitSight report from a company you work with. Your BitSight report includes your rating and the details behind each risk vector in our platform. However, to get details on specific security issues occurring within your organization's digital footprint, including IP addresses, you must access the BitSight platform.

All organizations have the right to access the BitSight platform to receive these details free of charge. To inquire about gaining access to the BitSight Security Rating Platform, please email eva@bitsight.com.