shutterstock_1108086104
27 October 2022Insurance

New Marsh study finds link between cybersecurity incidents and ratings

A new study by Marsh McLennan and BitSight throws light on the “significant correlation” seen between cyber ratings and security incidents.

BitSight, the Standard in Security Ratings, has released results from an independent study which found fourteen BitSight analytics, including the BitSight Security Rating, and thirteen BitSight risk vectors, to be correlated with cybersecurity incidents.

The study was conducted by the Marsh McLennan Cyber Risk Analytics Center, which brings together the cyber risk data and analytics expertise of Marsh McLennan’s businesses, Marsh, Guy Carpenter, Mercer and Oliver Wyman.

Marsh McLennan independently determined the methodology and analysed BitSight’s security performance data on 365,000 organisations and Marsh McLennan’s proprietary cybersecurity incidents and claims information.

Results from the study showed that cybersecurity performance deficiencies in the identified areas increases an organisation’s risk of experiencing a cybersecurity incident, while strong performance implies a lower risk of an incident occurring.

The fourteen analytics with measured correlation cover a diverse set of security concerns including – Endpoint Management and Malware Detection, Vulnerability Management, Secure Communications, and User Training and Awareness.

One critical finding from the report concerns the importance of an organisation’s patching initiatives. Many organisations struggle to effectively deploy patches when a new vulnerability is identified.

BitSight measures how many systems within an organisation’s network are affected by important vulnerabilities, and how quickly the organisation remediates them.

Marsh McLennan found that an organisation’s patching cadence, as measured by BitSight, was correlated to the likelihood of experiencing a cybersecurity incident.

Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Analytics Center, said: “After comparing the security performance data of thousands of organisations that experienced cybersecurity incidents against those that did not, we identified a statistically significant correlation between BitSight Security Ratings as well as certain BitSight risk vectors and the likelihood of a cybersecurity incident.”

Stephen Harvey, chief executive officer of BitSight, added: “The findings from this critical study confirm the value of BitSight’s Security Ratings and analytics. Our goal has always been to provide leaders with insightful data to help drive smarter decisions around cybersecurity. We anticipate this research will be used to augment the market’s cybersecurity decision making, and now those in the marketplace can be more confident that our data effectively assesses the cyber risk of organisations and provides actionable insights when creating or managing a cybersecurity program."

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk


More on this story

Insurance
25 October 2022   The industry will have to make progress on modelling and limits to get ILS into the game, key industry leaders agreed at Baden-Baden.
Insurance
24 October 2022   The gauntlet has been thrown down for the industry to prove itself, says Guy Carpenter Symposium.
Insurance
31 October 2022   Regions converge to mid-single digit growth rates; cyber remains stand-out growth market.