Study Finds Significant Correlation Between BitSight Analytics and Cybersecurity Incidents

The Marsh McLennan Cyber Risk Analytics Center conducted independent analysis of BitSight's Security Rating and risk vectors and cybersecurity incident data.

October 25, 2022

3 Min Read


BOSTON, Oct. 25, 2022 /PRNewswire/ — BitSight, the Standard in Security Ratings, has released results from an independent study which found fourteen BitSight analytics, including the BitSight Security Rating, and thirteen BitSight risk vectors, to be correlated with cybersecurity incidents. The study concluded that cybersecurity performance deficiencies in the identified areas increases an organization's risk of experiencing a cybersecurity incident, while strong performance implies a lower risk of an incident occurring.

The study was conducted by the Marsh McLennan Cyber Risk Analytics Center, which brings together the cyber risk data and analytics expertise of Marsh McLennan's businesses, Marsh, Guy Carpenter, Mercer and Oliver Wyman. Marsh McLennan independently determined the methodology and analyzed BitSight's security performance data on 365,000 organizations and Marsh McLennan's proprietary cybersecurity incidents and claims information.

"After comparing the security performance data of thousands of organizations that experienced cybersecurity incidents against those that did not, we identified a statistically significant correlation between BitSight Security Ratings as well as certain BitSight risk vectors and the likelihood of a cybersecurity incident," said Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Analytics Center.

The marketplace has historically struggled to establish a data-driven relationship between poor cybersecurity performance and the increased likelihood of cybersecurity incidents. Demonstrating how quantitative performance measurements created by BitSight correlate to the likelihood of a cybersecurity incident show that BitSight's cybersecurity analytics can assist security, business, and insurance leaders in making more informed and data-backed decisions.

"The findings from this critical study confirm the value of BitSight's Security Ratings and analytics," said Stephen Harvey, chief executive officer, BitSight. "Our goal has always been to provide leaders with insightful data to help drive smarter decisions around cybersecurity. We anticipate this research will be used to augment the market's cybersecurity decision making, and now those in the marketplace can be more confident that our data effectively assesses the cyber risk of organizations and provides actionable insights when creating or managing a cybersecurity program."

The fourteen analytics with measured correlation cover a diverse set of security concerns including – Endpoint Management and Malware Detection, Vulnerability Management, Secure Communications, and User Training and Awareness. One critical finding from the report concerns the importance of an organization's patching initiatives. Many organizations struggle to effectively deploy patches when a new vulnerability is identified. BitSight measures how many systems within an organization's network are affected by important vulnerabilities, and how quickly the organization remediates them. Marsh McLennan found that an organization's patching cadence, as measured by BitSight, was correlated to the likelihood of experiencing a cybersecurity incident.

For more information on the report and to download the findings, visit:

About BitSight

BitSight creates trust in the digital economy and transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit, read our blog or follow @BitSighton Twitter.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights