
Examining The Growing Cyber Risk Gap

Dave Fachetti | November 17, 2017

In today’s business world, the desire to transact in the digital realm is dramatically accelerating and, unfortunately, so is the cyber risk that one takes on as a result. Organizations that handle sensitive data are more likely to become the targets of hackers who are looking to exploit the information stored within their networks. Businesses now find themselves exposed to a growing “Cyber Risk Gap.” This gap is the outcome of the combined impact of the following:

1. An increasing and changing set of risk/threat vectors. 

Today, more than ever, there are innumerable ways for bad actors to penetrate business organizations. This was demonstrated over the past year by events like WannaCry and other ransomware attacks that caused business disruption as well as significant data compromise. Taking this into account, companies must be able to guard themselves against this increasing variety of threats.

2. A higher volume of new vendors. 

Organizations do business with more vendors than ever before, and their ecosystem expands to include both their third parties and fourth parties. Consequently, they take on the risk associated with these organizations, and there can be up to hundreds of thousands of these business partners. These third and fourth parties are liabilities because they have the ability to access your network, and vice versa. Today, the supply chain is fragmenting; it’s easier to do business online, and with that comes the threat of exposure to vendors’ networks that are not secure.

3. A Cyber Risk assessment process that is labor intensive, qualitative in nature, and unable to scale.

When creating a risk management strategy, it’s most important to have assessment processes in place that can scale to meet the growing number of vendors that work with your business. Traditionally, assessment approaches like penetration tests and questionnaires are qualitative and episodic — they can only analyze risk at a certain point in time. While an important part of the risk management process, these labor intensive processes are not able to scale to meet the volume and timing requirements of the current risk environment.

It’s critical that organizations put into place assessments that are qualitative, quantitative, and continuous. BitSight Security Ratings meet the critical emerging needs for continuous quantitative analysis to augment the episodic, qualitative assessments. While proactively mitigating risk, it’s crucial to have a standard measurement tool when looking at both internal and third-party risk. BitSight Security Ratings help provide a quantitative measurement that reflects the dynamic nature of your business ecosystem: always changing and growing rapidly.
