Risk assessment through constant monitoring
Companies operating in all sectors are facing new threats arising from developments in the ICT field. Before these increasing threats, there is a growing concern among companies to know their security levels and their stakeholders' security levels. In this regard, Telefónica has partnered with BitSight to provide the Benchmarking & Supply Chain Service, which affords organizations a security level overview of not only themselves but also their vendors and stakeholders.
Benchmarking & Supply Chain is:
- Non-intrusive: black box approach using only external sources. No need for network access or questionnaires.
- Scalable: fully automated. Aggregated risk for the supplier portfolio.
- Objective: cross-cutting approach that measures all organizations based on the same factors.
- Dynamic: om-going risk assessment by continuously monitoring security levels.
- Verifiable: third-party-validated breach to rating correlation.
- Objective and non-intrusive monitoring of strategic suppliers.
- Measurement of the impact of security procedures and tools.
- Security budget RoI calculation and comparison with the competition.
- Data-based due diligence.
Proactive cyber-risk measurement and improvement of insureds
Benchmarking & Supply Chain is employed for multiple applications, including:
- Supplier risk management: continuous security management of hundreds and even thousands of suppliers.
- Benchmarking: evaluation of security initiatives and comparison with the sector and competition.
- Mergers & acquisitions: evaluation of the security in companies before they are purchased, or continuous monitoring of their portfolio of companies.
- Cyberinsurance: cyber-risk assessment of new applicants and risk monitoring of the insured.
Contact us for more information or begin measuring the security level of your company with a PoC.
- Intuitive and user-friendly interface that affords a quick overview of the business ecosystem risk client’s organization.
- API availability for programmatic access to information and the possibility of integration with third-party solutions and the organization’s own tools.
- Role-based access control that provides the possibility of restricting access of users to certain groups of companies.
- Powerful alert engine to define different thresholds on the basis of the selected group of companies.