An increasing number of security and risk management executives are being asked to present to the Board of Directors on the state of their — and their third parties’ — security and risk programs. A recent joint survey by Veracode and NYSE found that nearly 80% of directors said that cybersecurity topics are discussed at nearly every board meeting.
Furthermore, third-party cyber risk has become a more popular discussion topic in the boardroom in the wake of more large data breaches originating from vendors, suppliers, and business partners. Gartner estimates that by 2020, 75% of Fortune 500 companies will treat vendor risk management as a board-level initiative to mitigate brand and reputation risk.
The C-Suite and Boards of Directors need timely and effective insight to understand how their company’s security and risk programs are performing, as well as how that performance compares to similar industry peers. However, for security and risk managers, compiling this data is often challenging and time-consuming. More importantly, it often results in organizations presenting metrics that do not effectively inform senior executives and the Board on cyber risk in their business ecosystem.
BitSight understands that security data must now be made accessible across business units and up to the Board. Now available for all customers, BitSight Executive Reports enable customers to identify and report on gaps in their risk and security programs, as well as determine what resources are needed most for improvement. Customers can navigate to the Reports Page and access over a dozen readily available reports on the security posture of their company and their vendor portfolio.
A new report allows customers to compare the performance of any 5 vendors, industry peers or companies they monitor, all in one view. This report shows a breakdown of risk vectors that impact rating calculations and enables organizations to instantly identify any areas of weakness or strength relative to their vendors or peers. With this information in one view, stakeholders can have more informed discussions on where security initiatives are working, and where future resources may need to be allocated.
As cybersecurity and vendor risk management become a more frequent conversation in board meetings, reports need to be tailored to an organization’s risk profile and risk tolerance. BitSight Executive Reports will evolve to let users craft fine-tuned, specific metrics and reports that facilitate more productive security discussions.