BitSight Technologies, the standard in Security Ratings, today released a new BitSight Insights report titled, “BitSight Insights Global View: Revealing Security Performance Metrics Across Major World Economies,” which examined Security Ratings of a random sample of 250 companies per country from the United States, the United Kingdom, Singapore, Germany, China and Brazil, from May 1, 2015 to May 1, 2016. The report is intended to inform risk managers and security professionals of the potential cyber risks that may arise when sharing data with partners and vendors across borders.
“Along with operational, financial and legal risk, cyber risk should be a key consideration when extending operations globally. This includes understanding the risk associated with sharing sensitive data with global partners and vendors,” said Stephen Boyer, co-founder and CTO of BitSight Technologies. “Just as business practices and laws differ across countries, so do cybersecurity practices. When expanding globally, it is imperative to communicate best practices and establish a standard of security performance that can be implemented across the entire supply chain.”
BitSight is the worldwide leader in providing objective, verifiable and actionable Security Ratings to organizations across all major industries and five continents. BitSight Security Ratings are a measurement of an organization’s security performance and range from 250 to 900, where higher ratings equate to lower risk. Much like credit ratings, BitSight Security Ratings are generated through the analysis of externally observable data such as compromised machines, vulnerabilities in important communication protocols, and user behavior. Country ratings were calculated as a simple average of the BitSight Security Ratings of the companies attributed to that country.
- Companies based in Brazil have the lowest aggregate Security Rating, while companies in the UK, Germany and the United States have the highest.
- Brazil and the United States have the poorest performance when it comes to preventing and mitigating machine compromises stemming from botnet infections; Germany and the UK perform the best in the fight against botnets.
- Major vulnerabilities in important communication protocols, such as Heartbleed, POODLE and FREAK, continue to affect organizations within all countries included in the study.
- Peer-to-peer file sharing is common across all countries included in the study, except Germany.
- China, Brazil and Germany have a higher percentage of poorly configured email security protocols, such as SPF and DKIM.
A company’s country of origin was assigned when more than 50 percent of the organization’s network assets were attributed to that country. This provides a clear picture of companies that hold the majority of their Internet-connected technology assets within one of these countries, although it may not reflect more traditional definitions of country of origin such as headquarters location. Companies were also excluded if the known employee count was less than 1000.