To make the Bitsight Security Rating more valuable, accurate, and actionable, we periodically update our ratings algorithm. We use internal and external research data to improve the correlation of the rating with real-world cybersecurity incidents and to better align the rating with the cyber threat landscape. These updates ensure that the Bitsight Security Rating is the best external indicator of the performance of cybersecurity controls.
Algorithm updates are a common practice across rating industries. Updates allow Bitsight to adapt as the cybersecurity landscape evolves. Currently, several forces affect the landscape and create additional cyber risk for every organization:
- The growing digital footprint of organizations, driven by recent investments in digital transformation.
- A rise in the scope and scale of cyber attacks.
- Increasing efforts by threat actors to monetize cyber attacks.
- Increasing oversight from capital markets and regulators.
Studies
Research studies conducted during 2021 and throughout 2022 provided a path for improving the correlation of the Bitsight Rating with cybersecurity incidents. We analyzed the correlation of the Bitsight Rating and a subset of Bitsight risk vectors with ransomware incidents. In addition, an external study published by the Marsh McLennan Cyber Risk Analytics Center found 14 Bitsight analytics to be significantly correlated with cyber incidents.
- February 5, 2025: Separated from the 2023 RAU overview.