BitSight CEO on Going From Security Ratings to Managing Risk
Steve Harvey on Why Boards Want to Understand the Risk Factors, Not Just the Rating
Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says BitSight CEO Steve Harvey.
BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies, insurance companies and large customers, Harvey says. Boards increasingly realize they have a fiduciary responsibility to understand the cybersecurity landscape and need a common language that is universally understood by security teams, the C-suite and the board (see: Cyber Risk Quantification: The Quest for Transparency).
"We grew up as a security rating company, and increasingly what we're seeing as we expand our portfolio is this move into broader cyber risk management," Harvey says. "We're anchored on the rating, and the rating gives you a very strong indication of potential risk. But there's an ability to drill in below to the risk factors and expose the underlying data."
In this video interview with Information Security Media Group, Harvey also discusses:
- Why Moody's decided to make a major investment in BitSight;
- The impact of the VisibleRisk and ThirdPartyTrust acquisitions;
- Drivers behind increased demand for vendor risk management.
Harvey joined BitSight in his current role at the start of 2020. He is a risk management and corporate governance veteran with more than 30 years of business and operational leadership. Harvey has successfully built market-defining data and analytics businesses, including most recently at Institutional Shareholder Services, where he spent more than 12 years as chief operating officer and chief revenue officer.