
Understand Your Security Rating

Common questions and answers about BitSight Security Ratings

Over 1,000 organizations are using BitSight Security Ratings to continuously monitor cyber risk in their business ecosystem. Using an approach similar to credit ratings for financial risk, BitSight customers are able to gain insight into the security posture of third parties as well as their own organization. BitSight Security Ratings are calculated on a scale of 250-900 with a higher rating indicating better security performance.


Did you get your BitSight Security Rating? 




I was invited to the BitSight Portal

Great! BitSight grants you complimentary portal access to understand your BitSight Security Rating and investigate details behind it. If you have any questions about your rating details or would like a walkthrough of the ratings portal, please reach out to success@bitsighttech.com. The Customer Success team can also provide you with additional context around the invitation you received and answer any questions you may have.

See how BitSight’s Enable Vendor Access feature allows customers to have data-driven, evidence-based conversations, making vendor risk management a more collaborative process.



I was sent a BitSight Report

You may have received a BitSight report from a company you work with. Your BitSight report includes your rating and details behind each risk vector in our platform. However, to see the details of specific security issues occurring within your organization’s digital footprint, including IP addresses, you must access the BitSight platform.

All organizations have the right to access the BitSight platform to receive these details free of charge. To inquire about gaining access to the BitSight Security Rating Platform, please email EVA@bitsighttech.com.

Frequently Asked Questions

How was my rating calculated?

BitSight uses externally observable data on compromised systems, security diligence, user behavior, and public disclosures to compute a company’s security rating. All companies, whether or not they are customers, are rated on the same criteria. For more details, see “How BitSight Calculates Ratings.”

Who else can see my rating?

All BitSight customers can subscribe to view the rating of any other company within their portfolio. However, forensics information, such as affected IP addresses, server names, and observed behavior, is disclosed only to the organization itself and never to anyone else without express authorization from the organization.

Where does this data come from?

BitSight collects data through proprietary methods and partners with reputable and diverse organizations to obtain breadth, depth, and coverage on an organization’s security posture. Only data that is actionable and correlated to actual security risks is factored into rating calculations. For more information, visit our Data page.

Our guest/public network is segmented. Why does my rating not account for that?

Any organization has the ability to tag portions of their networks and specify which of their IP addresses are reserved for guests, security research and testing, or other purposes. Tagging these portions of the network provides the relevant context should a security event occur. BitSight also enables organizations to create self-published ratings that reflect the security posture of particular parts of their networks.

If you’d like to do this, please reach out to support@bitsighttech.com.

Is this legal?

Yes, all the information we gather is from the public Internet; our product is non-intrusive and requires no agents or software to be deployed. The information is available to anyone who chooses to collect it. Moody’s, Dun & Bradstreet and others have set a market precedent for collecting data and presenting a score. Similar to these companies that have established industry standards, our ratings algorithm is based only on fully objective, verifiable and actionable data.

Can I dispute my rating?

Absolutely. BitSight firmly believes in the transparency of its ratings for all organizations. In the event you believe there is a discrepancy with your rating, you can reach out to our customer support team. BitSight’s customer success team will review any records within your rating that you believe are incorrect. If ultimately necessary, rating disputes can be brought to the Office of the Ombudsman to ensure an unbiased and accurate resolution.

What do we need to do now?

A company (your own customer or someone in your supply chain) may be making critical business decisions based on your organization’s security posture. Organizations should address any issues found within their rating and take steps to improve their rating.

What can I do to improve my rating?

Security Ratings are a measurement of security performance based on historical data—over years—meaning they won’t necessarily change dramatically overnight. 

A company’s rating includes a Remediation Strategy which highlights risk vectors that have had a high rating impact in the last 60 days. Organizations should start with items that have affected their rating the most. For context, organizations with ratings in BitSight’s advanced category (740-900) tend to: ensure security configurations are up to industry standards, continuously monitor their networks for compromised systems, and remediate issues as soon as they are discovered.

