Bitsight Security Ratings are the results of the aggregation of all risk vector letter grades (with different weights) that are normalized for that company.
Security ratings are based on a 10-point rating system that’s rounded down in 10 point increments. If the current rating is 740, this is a representation of the combined assessments of all risk vectors. The actual rating may be somewhere between 740 and 749.
An actual rating of 735 is represented as a 730.
The fluctuations in security ratings coincides with the daily shifts in:
- The number of new observations.
- Adjustments when events fully decay or when records complete their lifetime and no longer impact the rating.
The displayed rating changes in 10-point increments. However, the underlying rating is computed on a finer scale.
A rounding off method is implemented to prevent small changes in the underlying rating from impacting the displayed rating, which depends on previous values of the rating. There are different criteria for when the 10-point drops versus when the rating rises by 10 points.
When the combined risk vectors are given an assessment, the subtle differences may increase or decrease the overall Security Rating with no visible changes to the individual risk vector letter grades (the risk vectors did not change to the next A-to-F letter grades).
A slight increase in observations for a few combined risk vectors may have been sufficient enough to decrease the overall rating of 741 (represented as 740) to a 739 (represented as 730).
The opposite is also true. If there are minor improvements to the individual risk vectors and the overall score is 749 (represented as 740), the significant improvement to an actual rating of 755 (represented as a 750).
- December 19, 2025: Language updated per RAU update.
- January 23, 2025: Corrected the first rounding method example.
- December 5, 2024: Rounding method examples for 2024 RAU.
- April 20, 2023: Rounding method examples for 2023 RAU.
Feedback
0 comments
Please sign in to leave a comment.