What Is A Security Rating?

Joel Alcon | January 19, 2017

A BitSight Security Rating is a simple way to understand and assess the cybersecurity posture of an organization or an organization’s vendors. It helps answer a number of critical cybersecurity questions:

  • “Am I performing better or worse compared to my industry peers?”
  • “Are my vendors’ cybersecurity postures up to my standards?”
  • “What risk are we taking on if we underwrite this cyber insurance policy?”
  • “What does the security posture of our potential acquisition look like?”

But even with all of these benefits, you may still be wondering what a BitSight Security Rating is and how it’s calculated.

What is a BitSight Security Rating?

A BitSight Security Rating is a number between 250 and 900 that indicates your overall cybersecurity posture. Because of this simplicity (similar to consumer credit reports), reporting cybersecurity posture to the board is easier than ever.

How is the data gathered? 

BitSight gathers terabytes of data from sources across the world and then maps the data to individual organizations. All collected data is gathered from the outside in and is unobtrusive. To gather this information, BitSight does not need penetration testing or costly questionnaires or assessments but instead leverages externally observable data on compromised systems, security diligence, user behavior, and data breaches around the globe.


Are Security Ratings accurate?

BitSight performs intensive analysis on all data that goes into our cybersecurity ratings platform to ensure that it is trusted, time-tested, and actionable. Research has shown that companies with a rating of 400 or lower are five times more likely to have a breach than those with a rating of 700 or more. This means that Security Ratings can be used to identify real-world security risks.

What are the benefits of Security Ratings?

When people talk about cybersecurity, they usually think of security events (such as infections or compromised systems) and risky user behaviors (like illegal file sharing). In addition to these, people often inquire about security configurations and practices, like configuring SSL certificates, using email protocols, performing vendor security assessments, and more. Documentation is still relevant today — and will remain relevant in the future — but many organizations have realized that it isn’t enough. These methods are often subjective, unactionable, and unverifiable. For example, if you ask a vendor to complete a questionnaire, they’ll answer based on how they perceive their security to be. This doesn’t mean they’re purposely trying to deceive you; they simply may not fully understand their own cybersecurity posture.

Security Ratings help this process because they provide greater context around an organization’s security posture. Users can make important decisions based on their ratings (or the ratings of their vendors) and rest assured that the data coming from these cybersecurity ratings is accurate and trustworthy.

What’s your Security Rating?

If you’ve received an Enable Vendor Access request from a company you do business with, you can gain 14 days of complimentary access to the BitSight Security Ratings portal. You’ll be able to take a look at issues that may be impacting your rating, use forensic information to prioritize and remediate issues, and see how you compare to over 105,000 other entities in our database. Read answers to frequently asked questions to help better understand your security rating.

If you haven’t been invited to the BitSight Security Ratings portal through a business partner, request a demo today to get your security rating and see how your organization's cybersecurity performance compares to your industry peers and competitors.
