BitSight Unveils Peer Analytics for More Effective Security Performance Management

February 2019 by Marc Jacob

BitSight announced the availability of BitSight Peer Analytics, the latest Security Performance Management offering on the BitSight platform. Leveraging the world’s most trusted and comprehensive view of security performance across hundreds of thousands of global organisations, BitSight Peer Analytics provides security and risk leaders unprecedented visibility into the relative performance of their security programs against their peers and sector. The solution enables organisations to meet and surpass their industry standard by setting achievable security performance improvement goals, effectively allocating limited resources, and efficiently prioritising security efforts.

BitSight Peer Analytics provides organisations with the world’s leading industry and critical peer group cybersecurity performance measurements. Security leaders now have real-time access to broad, deep, meaningful, objective data and metrics on industry-wide security and peer-level performance across multiple categories of vulnerabilities and incidents. The Peer Analytics solution allows customers to compare themselves to configurable groups of their peers — a group of hundreds or even thousands of companies, by industry, sub-industry, company size, and other useful benchmarks. This information allows security and risk leaders to:

1. Discover the Security Performance Standard: Peer Analytics helps organisations discover the cybersecurity performance standards that exist in their industry, sector, and peer group. Knowing and meeting the industry security performance standard is critical for organisations to win new business and remain competitive in their respective markets.

2. Identify Performance Gaps: Peer Analytics helps organisations uncover the factors that most significantly affect their industry’s security performance standard and pinpoint the biggest discrepancies with their peers.

3. Establish Achievable Security Performance Targets: With Peer Analytics, security leaders can see how they compare to their industry or peer group and identify a security performance target that makes sense for them in relation to that group. Targets can be set at the overall security rating level, at the individual risk vector level, and even at the specific event level.

4. Effectively Allocate Resources: Peer Analytics allows organisations to confidently distribute limited resources and prioritise security team efforts for the greatest impact on security performance improvement.

5. Create Effective Improvement Plans: Alongside BitSight Forecasting — the security rating industry’s first analytics tool that allows customers to comprehensively model different scenarios and paths of remediation to project future security performance — Peer Analytics helps companies understand where they fall short of the industry standard and create improvement plans to meet that standard.

6. Report Confidently: Leveraging Peer Analytics, security and risk leaders can confidently report critical metrics about their security program internally to senior executives and corporate directors, as well as externally to customers or regulators, knowing that their program is aligned with or exceeds industry standards of care.

It has never been more important for security and risk leaders to know their industry’s security performance standards and perform peer and sector-wide security benchmarking. Organisations face legal liability for failing to meet customer requirements and industry-wide standards of care for cybersecurity. But due to the ever-changing nature of the cyber landscape, expectations and standards of care are constantly in flux — what was “adequate” security yesterday may not be today. Traditional approaches to cyber assessment (like point-in-time security audits and compliance reviews) provide only limited internal security performance analysis with no insight into industry-wide standards for a comprehensive, real-time comparative assessment.
