As part of SecurityScorecard’s commitment to making the world a safer place, we are now the first and only security ratings platform to integrate with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers and suggested mitigations for high-priority cyber risks.

Cybersecurity has become a top-of-mind concern for many C-level executives and board members. Data breaches are a daily occurrence and carry a hefty — and growing — price tag averaging $4.35 million worldwide, according to the latest Cost of a Data Breach report. However, this is only one of several potential cybersecurity risks that an organization can face.

After COVID, enterprise IT security got turned on its head. As the world adjusted to working from home, and continues to, IT teams worked overtime to enable remote access for millions of employees. This transition has gone smoothly for most organizations, but many security gaps still remain years later. The SolarWinds data breach is a worrying example. It shows how vulnerable organizations are to malicious activity in our changing risk environment.

Let's be honest – nobody likes security questionnaires. To vendors, they're irritating workflow interruptions, always seeming to arrive at the most inconvenient times. To businesses, they mark the first stage of a long, drawn-out process where vendors need to be continuously pestered to complete them. In this post, we outline three proven strategies for streamlining the security questionnaire process to eliminate stress for both the businesses that send them and the vendors receiving them.

Vendor security questionnaires accurately evaluate a third-party supplier’s attack surface, but only if they’re utilized intelligently. The quality, and therefore, accuracy, of questionnaires rapidly deteriorates when they become excessively lengthy, one-size-fits-all templates bloated with jargon. In this post, we suggest x actions for improving the accuracy of your security questionnaires and the overall efficiency of your security questionnaire process.

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.

A recent study found that financially material cyber attacks are increasing in frequency and that the top 5% of such attacks lead to an average $52M in losses. As these types of cyber attacks become more frequent and more severe, it has become increasingly critical for risk managers outside of enterprise security functions —such as compliance and credit officers—to consider cybersecurity risk in their assessment of customers, suppliers and investments.

Today we are announcing updates to the Bitsight ratings algorithm. Bitsight is committed to creating the most meaningful, trustworthy, and actionable security ratings and analytics in the marketplace. As part of this commitment, we periodically make updates to our ratings algorithm based on new data observations and capabilities, internal and external research, and market feedback. For this year’s update, we have made several adjustments, including modifying the weights of several risk vectors.

In 2011, Bitsight invented the security ratings industry. As the market leader, we are still the standard in how organizations quantify, manage, and monitor cyber risk. Today, that universal metric is used by entities from national governments to global enterprises to Fortune 500 companies to interpret cyber risk. And now, we’re disrupting the industry once again. Waves of change are constantly disrupting companies of all sizes around the world, particularly when it comes to cybersecurity.

Risk used to be a word thrown around as if it could be defined generally and, once defined, consistently applied to all business and technology use cases. This didn’t work out so well for customers, CISO’s, or vendors. Risk was a “four-letter-word” and it fell out of common use.