NEW 2024 Risk Score Report!

Your complimentary, customized security ratings report is waiting:

Receive a comprehensive overview of your organization’s cybersecurity program highlights, featuring your Bitsight Security Rating and a detailed comparison to industry peers from iSECURE.

Have the ability to confidently convey the advancements in your cyber risk management program and cybersecurity performance to your executive team and board of directors.

BitSight Security Ratings are a measurement of an organization’s security performance.
Much like credit ratings, BitSight Security Ratings are generated through the analysis of externally observable data. Armed with daily ratings, organizations can proactively identify, quantify and manage cyber security risk throughout their ecosystem. Unlike existing security assessment tools that examine a company’s policies or conduct periodic scans, BitSight continuously measures security performance based on evidence of compromised systems, diligence, user behavior, and data breaches to provide an objective, evidence-based measure of performance. This data-driven, outside-in approach requires no information from the rated entity. With BitSight Security Ratings, organizations can shift from time- and policy-based security risk management towards a continuous, outcome-based model that is both effective and efficient.

How are BitSight Security Ratings Calculated?

BitSight Security Ratings range from 250 to 900. The higher the rating, the more effective the company is in implementing good security practices. BitSight Security Ratings are calculated using a proprietary algorithm that analyzes and classifies externally observable data. The ratings are generated based on four classes of data: compromised systems, diligence, user behavior, and data breaches.

Compromised Systems observed by BitSight represent evidence of successful cyber attacks. Examples of compromised systems include communication with known botnets, spam, malware and more. Although a compromised system may not necessarily equate to data loss, each one is an indication that the organization has been compromised in some manner.

Diligence data points are an indicator of whether a company has taken steps to prevent an attack. BitSight analyzes security configurations such as SSL, SPF, DKIM, DNSSEC and more to measure a company’s effectiveness in implementing these controls. Proper email server configuration, for example, can help prevent email-related attacks and indicates that a company has employed good risk management practices.

Security Ratings are updated daily and accessible through the BitSight platform and via the API. In addition to ratings, historical trends, compromised systems and diligence details, industry and peer comparisons and more are available on the platform.

Fill out the form below to receive your complimentary risk score