Reports Repository – Bitsight Knowledge Base

Reports allow you to gain insight into security risks and exposures within a single organization or across a portfolio of companies. If you have any questions or feedback about a specific report, please contact Bitsight Support.

Reports in the Security Performance Management application surfaces specific security risks, vulnerabilities, and remediations for your company. It offers a detailed view into the security posture of your organization. You can identify security trends and the distribution of findings within your company and investigate specific findings.
The Portfolio Dashboard highlights a Featured Report.
Data is stored to the day for up to one year.
Example: Today is April 1, 2024. Data is stored from April 1, 2023 to April 1, 2024, not all of 2023-2024.

Navigation Options

Go to Reports.

SPM App: Reports

CM App: Reports

Insurance App: Reports

Use the filters to search for reports depending on your reporting needs. Reports are organized into the following categories and subcategories:

Assessment Questionnaires
Comparisons
Findings and Infrastructure Details
History and Trends
Overview and Executive Reporting
Vendor Risk Management

Assessment Questionnaires

ISO/IEC 27001: A summary of a company’s alignment with ISO/IEC 27001 using Bitsight Security Ratings data as evidence.
NIST CSF: A summary of a company‘s alignment with the NIST CSF using Bitsight data as evidence.
Portfolio Assessment: Have visibility into aggregated risk, data breaches and security effectiveness of vendors that are in the scope of regulatory assessments.

Comparisons

Benchmarking: Compare a company and up to 5 industry peers, industries, tiers, or folders.
Company Comparison: Compare up to 5 companies in your portfolio.
Industry Ratings: Security rating averages for industries represented in your portfolio.

Findings and Infrastructure Details

3rd Party Security Incidents: Identify security incidents across your monitored third parties to understand possible points of exposure.
4th Party Security Incidents: Identify security incidents across your fourth party service providers to understand possible points of exposure.
Attack Surface Exposure: See your assets in your externally exposed attack surface.
Compromised Systems: Compromised Systems event details including infection type, start date, end date, and duration.
Diligence: Diligence details including evidence, grade, start date, end date, and risk vector specific information.
Forensics: Forensic details for Compromised Systems and User Behavior events including C&C IP address and torrent hash of malware.
Infrastructure Changes: See changes in your organization’s infrastructure and details about the change.
Infrastructure: CIDR blocks, IP addresses, and domains attributed to your organization.
Platform Usage: An overview of your organization’s Bitsight platform usage.
Portfolio Vulnerabilities: Discover the concentration of vulnerabilities across your portfolio.
User Behavior: User Behavior details including risk type, category, start date, and end date.
Vulnerability Detection: Get an extensive summary of your organization’s external attack surface.

This report is available to customers with the EASM Enhanced module for SPM. You can review the features included with the EASM Foundations and EASM Enhanced modules here.
Vulnerability Detection Evidence: See evidence for the vulnerabilities detected in your organization.

This report is available to customers with the EASM Enhanced module for SPM. You can review the features included with the EASM Foundations and EASM Enhanced modules here.

History and Trends

Infection Trends: Discover how the concentration of infections is changing across your portfolio.
Monthly Performance: Measure the effectiveness of your TPRM program using key security ratings performance indicators.
Monthly Portfolio Performance: Have visibility into the data of your entire portfolio. Understand and monitor their security posture.
Ratings History: Bitsight Security Ratings data for the past 12 months for a company including daily ratings, grades, and percentiles.
Vulnerability Trends: Discover how a concentration of vulnerabilities can change across your portfolio.

Overview and Executive Reporting

Company Overview: Security rating reports including a security performance overview and comparison to industry averages.
Company Preview: A synopsis of how a company is performing when compared to its industry peers.
Company Relative Risk: Review a company's relative risk and past Bitsight Security Rating performance.
Control Insights Executive Summary: Share your organization’s control, current evaluation, and history with your stakeholders.
Executive: Present a high-level overview of your company’s cybersecurity posture to non-technical and executive stakeholders, including company leadership, board members, investors, and shareholders.
Executive Progress: Communicate progress of your vendors’ Security Rating improvement program.
Industry Ratings: Security rating averages for industries represented in your portfolio.
Life Cycle Overview: See the companies in your portfolio across the life cycle stages.
Life Cycle Trend: See the average number of days that companies in your portfolio are in the Onboarding and Re-Assessment life cycle stages. These can be benchmarked against the portfolio average.
Performance Summary: Executive summary of your organization’s security performance with customizable notes.
Portfolio Collaboration: Get an overview of collaboration engagement across your portfolio, highlight touch-points, and track your collaboration progress (including changes in risk).
Portfolio Impact: Identify how risk is distributed across your portfolio.
Portfolio Overview: An overview of the Bitsight Security Ratings across your portfolio of companies.
Portfolio Performance: Provides insight into the level of cyber risk exposure introduced to companies in your portfolio.
Portfolio Ratings: Bitsight Security Ratings and risk vector grades for your portfolio companies.
Ransomware Analysis: See the likelihood of companies in your portfolio falling victim to a ransomware attack.
Underwriting Guidelines: Get a comparison of a client’s risk vector performance compared to your underwriting risk tolerance.

Vendor Risk Management

Available at the top-right Reports option at the top-right of Vendor Profile pages.

Findings Overview: A concise overview on the findings identified during vendor assessment.
Risk Assessment Summary: A holistic view of vendor security and risk posture.

March 24, 2025: Vendor Risk Management application reports.
January 14, 2025: Data storage clarification.
August 16, 2024: Added links to documentation for the Company Comparison, User Behavior, 4th Party Security Incidents, 3rd Party Security Incidents, Vulnerability Ratings, Ratings History, Infection Trends, Portfolio Ratings, Portfolio Overview, Life Cycle Trend, and Life Cycle Overview reports.