Research uncovers substantial link between Bitsight Analytics and cybersecurity breaches
In a recent study, Marsh McLennan, a global professional services company, has identified significant correlations between cybersecurity incidents and various risk factors, as measured by Bitsight Security Ratings.
The study, which analysed Bitsight security performance data across 365,000 organisations from 2018-2021, found a statistically significant correlation between Bitsight Security Ratings and the likelihood of a cybersecurity incident. Among the 14 Bitsight analytics, the Patching Cadence risk vector, which measures how many systems within an organisation's network are affected by important vulnerabilities and how quickly they are remediated, was found to be significantly correlated with cybersecurity incidents and ranked number one.
Organisations with poor performance in the Patching Cadence risk vector are significantly more likely to experience a cybersecurity incident, while strong performance implied a lower risk. The study also highlighted 13 other risk vectors at BitSight that are highly likely to correlate with cybersecurity incidents: Application Security, Endpoint Security, Web Security, Network Security, Denial of Service Attack, Malware, Botnet, Credential Risk, Compliance, Dark Web Activity, Spam, Patch Level, and DNS Health.
Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan, made the conclusion that poor performance in certain areas, including the Bitsight Security Rating and these 13 risk vectors, increases an organisation's risk of experiencing a cybersecurity incident.
The study emphasizes the importance of data-backed decisions in the realm of cybersecurity and cyber risk. As rapid changes in the cybersecurity landscape have created a renewed sense among stakeholders to reduce the likelihood of business-impacting cybersecurity incidents and strengthen cyber resilience, market participants can benefit from analytics that demonstrate which cybersecurity improvements are likely to yield the highest impact.
Cybersecurity and cyber risk stakeholders are encouraged to leverage the findings of the study to better serve their respective stakeholders and make more informed and data-backed decisions. However, it's important to note that the study does not provide specific details about the new cybersecurity improvements or their impact, only that they are likely to yield the highest impact.
Lastly, while the study provides valuable insights, it does not discuss the potential long-term effects of implementing the recommended cybersecurity improvements. It is up to each organisation to assess the potential benefits and risks associated with implementing the suggested changes in their own context.
Read also:
- Cyber Attack Nets $14 Million from WOO X Across Four Different Blockchains
- Nigerian Securities and Exchange Commission (SEC) teams up with Chainalysis to combat cryptocurrency fraud activities
- International marketing firm We Are Social intensifies global strategy for gaming industry
- Server Hazards: Top 4 Pests Imperiling Your Data Center and Preventive Measures
