BitSight has released results from an independent study which found fourteen BitSight analytics, including the BitSight Security Rating, and thirteen BitSight risk vectors, to be correlated with cybersecurity incidents.
The study was conducted by the Marsh McLennan Cyber Risk Analytics Center, which brings together the cyber risk data and analytics expertise of Marsh McLennan’s businesses, Marsh, Guy Carpenter, Mercer and Oliver Wyman.
Marsh McLennan independently determined the methodology and analysed BitSight’s security performance data on 365,000 organizations and Marsh McLennan’s proprietary cybersecurity incidents and claims information.
Results from the study showed that cybersecurity performance deficiencies in the identified areas increases an organization’s risk of experiencing a cybersecurity incident, while strong performance implies a lower risk of an incident occurring.
The fourteen analytics with measured correlation cover a diverse set of security concerns including – Endpoint Management and Malware Detection, Vulnerability Management, Secure Communications, and User Training and Awareness.
One major finding from the report shows concerns over the importance of an organization’s patching initiatives, as many organizations struggle to deploy patches when a new vulnerability is identified.
Moreover, BitSight measures how many systems within an organization’s network are affected by important vulnerabilities, and how quickly the organization remediates them.
Additionally, Marsh McLennan found that an organization’s patching cadence, as measured by BitSight, was correlated to the likelihood of experiencing a cybersecurity incident.
Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Analytics Center, said: “After comparing the security performance data of thousands of organizations that experienced cybersecurity incidents against those that did not, we identified a statistically significant correlation between BitSight Security Ratings as well as certain BitSight risk vectors and the likelihood of a cybersecurity incident.”
Stephen Harvey, chief executive officer, BitSight, added: “The findings from this critical study confirm the value of BitSight’s Security Ratings and analytics. Our goal has always been to provide leaders with insightful data to help drive smarter decisions around cybersecurity.
“We anticipate this research will be used to augment the market’s cybersecurity decision making, and now those in the marketplace can be more confident that our data effectively assesses the cyber risk of organizations and provides actionable insights when creating or managing a cybersecurity program.”