Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

Prioritizing Risk Vectors for Remediation Using Peer Analytics

Avatar
Ingrid
Follow
  • July 24, 2023: New Peer Group Location filters.
  • May 16, 2023: Relocated Peer Analytics to the Peer Comparison menu.
  • April 19, 2023: 2023 RAU weight adjustments.

Refer to this guide to define your desired level of security performance and determine how it can be achieved with an objective, data-driven approach to comparing companies with peer groups using Peer Analytics.

Navigation Options

SPM App: Peer Comparison ➔ Peer Analytics

Insurance App: Portfolio Risk ➔ Peer Analytics

(1) Choose a Peer Group

Refer to the Peer Recommender when creating your peer group.

Select the Edit Comparison button at the top-right to designate a peer group for comparing your selected company against. Once designated, the peer group will be overarching throughout this workflow. Save your peer group and redefine it at any time.

This must return at least 100 companies to have sufficient data for comparison.

  • Select an “Industry” or refine your peer group to “Sub-industries.” This defaults to your own industry and all sub-industries.
  • Define a “Peer Group Location” that limits your peer group to a region or countries within that region. Please note a company's region is based on the company’s headquarters. We don't have headquarter data for our entire inventory of companies, which may restrict the peer comparison group.
  • Define the “Number of Employees” of your peer group to be of similar or any size.
  • Define the “Number of Unique Services” of your peer group to be of similar or any size. Companies in the same industry with roughly the same number of employees may have very different Internet presences. With Peer Analytics, the digital footprint of similar companies is measured using the number of unique open host-port sets.

(2) Desired Level of Security Performance

Refer to the Peer Group Distribution over Rating Ranges, the Risk Vector Performance, and Top Ten panels in the Peer Analytics dashboard to define your desired level of security performance.

(3) Define Solutions and Prioritize

Refer to the Risk Vector Gap Analysis and Risk Vectors panels in the Risk Vectors page to identify the risk vectors with the highest impact.

The Patching Cadence risk vector is not included in the gap analysis.

The right column of the Risk Vector Gap Analysis shows the lowest ranked risk vectors in security management performance. The top row shows the risk vectors that have the highest impact on security ratings. Therefore, the following risk vectors (top-right scalar of the matrix) are the risk vectors that are of critical priority.

  • Botnet Infections, Potentially Exploited, and Spam Propagation, which goes towards the 27% Compromised Systems risk category weight.
  • File Sharing, which accounts for 2.5% of the total User Behavior risk category weight.

(4) Collaboration with Reporting

Select the Reports button at the top-right. Export and download the available reports to share with stakeholders and collaborate.

  • Summary: The Ratings History report provides Bitsight Security Ratings data of a company during the past 12 months including daily ratings, grades, and percentiles.
  • Compromised Systems Details: Compromised Systems details including infection type, start date, end date, and duration.
  • Diligence Details: Diligence details including evidence, grade, start date, end date, and risk vector specific information.
  • File Sharing Details: User Behavior details including risk type, category, start date, and end date.

Related articles