
BitSight CEO on Going From Security Ratings to Managing Risk

Steve Harvey on Why Boards Want to Understand the Risk Factors, Not Just the Rating
Steve Harvey, CEO, BitSight (Image: BitSight)

Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says BitSight CEO Steve Harvey.


BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies, insurance companies and large customers, Harvey says. Boards increasingly realize they have a fiduciary responsibility to understand the cybersecurity landscape and need a common language that is universally understood by security teams, the C-suite and the board (see: Cyber Risk Quantification: The Quest for Transparency).

"We grew up as a security rating company, and increasingly what we're seeing as we expand our portfolio is this move into broader cyber risk management," Harvey says. "We're anchored on the rating, and the rating gives you a very strong indication of potential risk. But there's an ability to drill in below to the risk factors and expose the underlying data."

In this video interview with Information Security Media Group, Harvey also discusses:

Harvey joined BitSight in his current role at the start of 2020. He is a risk management and corporate governance veteran with more than 30 years of business and operational leadership. Harvey has successfully built market-defining data and analytics businesses, including most recently at Institutional Shareholder Services, where he spent more than 12 years as chief operating officer and chief revenue officer.

About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.
