BitSight Advances Cyber-Risk Ratings With Forecasting | eWeek

BitSight Launches Forecasting Capability for Cyber-Risk


Sep 5, 2018

Security ratings firm BitSight announced on Sept. 5 that it is expanding its offerings with the launch of the new BitSight Forecasting service.

The BitSight Forecasting capability builds on BitSight’s existing ratings service that helps organizations measure and benchmark cyber-security posture and maturity. With Forecasting, BitSight now enables organizations to estimate the impact of different technology and process changes on their cyber-security risk score.

“As we have gotten broader adoption of our platform, we have seen organizations set targets for where they want to be,” Stephen Boyer, founder and CTO of BitSight, told eWEEK. “BitSight Forecasting is really a way to give teams a way to understand what performance will look like in six to 12 months and what are some of the key things they can do to reach their targets.”


BitSight was founded in 2011 and launched its inaugural service for rating organizations’ cyber-security in 2013. The company has raised a total of $151 million in venture capital, including a $60 million Series D round announced on June 28 and $40 million in Series C funding announced in September 2016.

Boyer said that a common question that he has heard over the years from organizations is if they are spending enough on cyber-security. He noted that the question of how much is being spent isn’t always the right question; rather it’s more important to understand how different investments can lead to different outcomes and impact on an organization’s overall cyber-risk.

Forecasting Risk

Modeling cyber-risk to be able to forecast the impact of changes is not a trivial exercise. Boyer said that BitSight has a whole team of data scientists that continuously build and update forecasting models. Boyer added that BitSight is already tracking a large volume of companies through its existing rating service, which provides a valuable data set that informs the forecasting model.

“In the world of Big Data, better data and more data wins,” he said. 

Using the past history for a given organization and its peers in the same industry, as well as other industries, Boyer said that BitSight builds out machine learning and statistical models from previous performance and then uses those models to forecast the future. The model enables BitSight Forecasting users to understand how different inputs and process changes will impact cyber-risk in the future.

Making An Impact

What makes an impact on future cyber-risk in one organization might not be the same for all organizations. For example, Boyer said that the financial services industry is generally already pretty good at patch management, but there are other areas where there are gaps, such as user access policies.

“We’re measuring culture by proxy, we get to see outcomes that are a confluence of execution and culture,” Boyer said.

Boyer said that improving security is not as easy as just telling every organization to go out and patch their system. Rather he said that there are different things that organizations can do including training, technology and process improvement that will yield different results based on each individual organization’s circumstances. That said, Boyer did note that almost every organization can benefit from the use of network isolation or segmentation technologies that can limit risk.

There also isn’t always a direct relationship between financial investments in cyber-security and improved cyber-risk.

“You could spend a lot of money on things that may not matter, that might not be directly impactful,” Boyer said. “We have seen organizations spend a lot of money updating certain services that no one uses, rather than focusing on where the attackers are going, which are key assets and hosts.”

Looking forward, Boyer said that BitSight will be working on ways to better integrate cyber-security ratings into business processes, in a more data driven and automated approach.

“You’ll see from us in the future increasing visibility and higher degrees of collaboration capabilities to help organizations better quantify and manage their state of risk,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
