Cyber risk check
The Cyber risk check measures an organization's security performance and its level of cybersecurity risk using Bitsight cyber risk. The service monitors external network activity across the world, looking for notable events such as communication with command and control servers, malware activity, and participation in DDoS attacks.
Information used to run this check
To run the check, the company profile information must have a valid Company number to generate the BvD ID.
Overall result of the check
Bitsight cyber risk generates a Cyber risk rating for a given organization by identifying which network assets are theirs and then examining the findings from those assets. Findings are used to build sub-ratings, called risk vectors, which are the explanatory ratios necessary to understand the drivers that make up the ratings. In a similar style to the FICO credit score, the least secure rating is 250, while 900 is the most secure.
The Cyber risk check ratings are divided into three main categories:
Basic (rating from 250 to 630): Poor security performance and the highest risk. Entities in this category have lower security ratings and an increased likelihood of a data breach. They typically have not implemented best-practice IT security policies and procedures, may show evidence of compromised systems on their network, and present the greatest risk. Basic entities are, on average, two to three times more likely to experience a publicly disclosed data breach than Intermediate entities.
Intermediate (rating from 640 to 730): Fair security performance and a moderate risk. Entities in this category have relatively fair security performance and demonstrate moderate security effectiveness. These entities present a moderate level of risk and are, on average, one and a half to two times more likely to be breached than entities with Advanced ratings.
Advanced (rating from 740 to 900): Strong security performance and the lowest risk. Entities in this category have strong security performance and are less likely to experience a data breach. These entities show evidence of best-practice implementation and consistent risk mitigation.
In addition, the report offers a Detailed cyber risk rating breakdown showing how the rating was formed. The details are divided into four separate vectors: Compromised systems, Diligence, User behavior, and Public disclosures. Each vector has its own sub-vectors, each graded from A to F.
The letter grades for the Cyber risk check are:
Grade | Meaning |
---|---|
A | In the top 10% of companies |
B | In the top 30% of companies |
C | In the top 60% of companies |
D | In the bottom 40% of companies |
F | In the bottom 20% of companies |
N/A | This grade has no correlation with how a company is performing. |
If a letter grade is "N/A" (not available), it may be because:
- The risk vector is informational.
- The grade defaults to N/A in the absence of findings.
- The risk vector is going through an evaluation period before it has an impact on the rating.
The possible Cyber risk check results
The following table explains the possible results from running the Cyber risk check:
Result | Explanation |
---|---|
Pass | The result is equal to or above the minimum Cyber risk rating set in your smart policy. |
Fail | The result is below the minimum Cyber risk rating set in your smart policy. |
Error | An error may occur due to the following circumstances: |