BitSight, one of the leaders in cyber risk rating, has announced a new product to allow organizations to benchmark against their peers. Dubbed “Peer Analytics,” this service will interest companies where benchmarking is a compliance obligation.
Peer Analytics will leverage BitSight’s cyber risk rating services to provide companies with the ability to compare their risk ratings against peers within their own industry.
“Peer Analytics offers unprecedented visibility at the most granular level to help security leaders make data-driven, defensible decisions – proactively rather than reactively,” said Dave Fachetti, Executive Vice President and Chief Marketing Officer at BitSight. “On a larger scale, this capability will help organizations meet industry standards of care for cybersecurity, enabling them to benchmark security performance against their peers in order to remain competitive and firmly aligned to their sector’s best practices. This standardization of security performance will be invaluable as we continue to see legal, financial and reputational fallout for organizations involved in major breaches.”
We are seeing an uptick in cybersecurity benchmarking expectations from regulators such as the U.S. Federal Financial Institutions Examination Council and Canada’s Office of the Superintendent of Financial Institutions. However, acquiring good benchmarking data has long been a significant challenge. Cyber risk ratings may not be ideal for peer benchmarking due to their limited insights into internal security practices, but they may be a good start for companies that are struggling to meet regulator expectations.
Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.
Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?
BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but is it barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.
Panorays has announced a partnership with Shared Assessments to provide Panorays customers with access to the Standardized Information Gathering (SIG) questionnaire. This is an innovative offering but may prove to be a mixed blessing.
SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.
RiskRecon and RSA have announced a partnership to bring RiskRecon’s third-party risk rating services to RSA’s Archer Governance, Risk and Compliance (GRC) system. This should be a welcome move for Archer customers.
SecurityScorecard, a leader in vendor cyber risk rating, has announced an initiative to help non-profit organizations with third-party risk management. Named Project Escher, this initiative demonstrates SecurityScorecard’s commitment to the non-profit sector.