CISA created the KEV catalog in part because of challenges that organizations have historically faced in prioritizing vulnerabilities. In any given year, there are tens of thousands of new vulnerabilities. But according to CISA, a study of historical vulnerability data dating back to 2019 shows that less than 4% of all known vulnerabilities were being used by attackers in the wild.

From the report, “For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. As we have also detailed in previous BitSight Insights reports2 over the last four years, this industry has maintained a strong security posture in comparison to others. Given that the Finance industry is a leader in managing third-party cyber risk, how secure is their supply chain, and where do weak links lie? Are the companies in their supply chain meeting the same security standards they hold for their own organization? These questions are relevant not only for Finance organizations, but for all organizations that need to reduce third-party cyber risk. To answer these questions, BitSight researchers looked at the security performance of more than 5,200 Legal, Technology, and Business Services global organizations whose security ratings are tracked and monitored by hundreds of Finance firms using the BitSight Security Rating platform. The organizations across these industries represent a set of critical vendors and business partners in Finance’s supply chain, consisting of: legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.”

This survey, conducted by Forrester Consulting on behalf of BitSight, offers insight in to the critical role that Vendors play in key business functions and how they can create security risks and issues.

From the report, “A growing list of contractors and subcontractors have disclosed that they have been victims of data breaches resulting in the compromise of sensitive government information. In response, U.S. federal agencies have or are considering expanding cybersecurity requirements for their contractor base and adopting best practices for evaluating and monitoring those entities. In a recent study, BitSight found a large gap in the security posture between financial organizations and their third parties. This BitSight Insights report explores a similar question: what is the cybersecurity performance of U.S. federal contractors, and how does that compare to the performance of U.S. federal agencies?”

A review of the observed (externally facing) security practices of the Fortune 1000 firms.

This infographic offers insights relating to the European Cybersecurity regulations.

In this Report, researchers analyzed the growing trend of ransomware across nearly 20,000 companies to identify common forms of ransomware, and identify which industries are most susceptible to these types of attacks.

This BitSight Insights report, Risk Degrees of Separation: The Impact of Fourth Party Networks on Organizations, focuses on aggregate risk and the issue of single points of failure. Insurance companies tackle this risk by monitoring whether a common set of threats impact their entire portfolio of insureds. However, without visibility into cyber risk aggregation, an insurance company could be jeopardized if there is a breach or any type of network disruption that affects a majority of their insureds.

This report will help you learn how understanding the global cyber threat landscape can help evaluate the potential risks of doing business in certain nations. It is the result of studying the performance of companies per country with more than 50% of their IP space in: The United States, United Kingdom, Germany, Brazil, China and Singapore.

This report focusses on the analysis of the cyber security posture of three industries: Finance and Insurance, Healthcare and Social Assistance, and Public Administration. The study looks into the number of event types by year from 2012 to 2016, the security ratings for cyber insurance by industry, and many other key data.