Ratings agencies are a fact of life for the financial community and as cyber security rises in importance, so too must the security of an organisation be rated. Security rating platforms is a rapidly growing area of the security technology market.
“Ratings give you the ability to tell a story that is not just about firewalls. There has been an evolution of the way that we present to the CEO and the board,”
“A security rating is a measurement of the cyber security performance carried out by an independent agency,” says Jake Olcott, VP of BitSight a security ratings provider. Adding that they are used for third party analysis of suppliers as well as first party - internal performance management.
“We are rating organisations by their performance using externally collected data and then we place them on a measurement scale of 250 to 900; 250 being poor and 900 outstanding,” Olcott says. BitSight was founded in 2011 and has been adopted by a number of Fortune 500 businesses in the USA and is incerasing its UK and European presence.
Olcott says adoption is being driven by organisations keen to gain a better understanding of their security against rivals or the wider business community. Rising levels of transparency are part of this adoption. Investors and insurance companies are looking to get a better understanding of how the businesses they insure or invest in are performing.
Olcott says CIO customers use the ratings to improve their management and relationships with third party suppliers and also demonstrate to the organisation where there are gaps in the organisational security.
“Ratings give you the ability to tell a story that is not just about firewalls. There has been an evolution of the way that we present to the CEO and the board,” Olcott tells the Horizon CIO Podcast.
“The major use case is for third party monitoring, as there has been a dramatic increase in attacks on vendors, contractors and the supply chain,” Olcott adds of how CIOs and CTOs are using security ratings.
To learn more, listen in.