
Moody’s partners with BitSight with an investment of $250 million to create an integrated cybersecurity risk platform

Moody’s Corporation and BitSight announced a significant investment by Moody’s, further enhancing BitSight’s offerings and capabilities, to create a comprehensive, integrated, industry-leading cybersecurity risk platform. Moody’s will invest $250 million in BitSight. This transaction reflects the increasing strategic, financial, and operational impact of cyber risk to organizations and markets.

BitSight is a leader in cybersecurity ratings. As part of the announced transaction, BitSight will acquire VisibleRisk, a cyber risk ratings joint venture founded by Moody’s and Team8, a worldwide venture organization.

BitSight helps global market participants understand cyber risk through ratings, analytics, and performance management tools, delivering unique insights for over 2,300 global customers, including many Fortune 500 companies, government agencies, insurers, and asset managers. Moody’s will leverage BitSight’s extensive cyber risk data and research across its growing suite of integrated risk assessment product offerings. BitSight’s acquisition of VisibleRisk adds a unique in-depth cyber risk assessment capability and advances its ability to analyze and calculate an organization’s financial exposure to cyber risk. BitSight is valued at $2.4 billion in this deal, indicating the company’s leadership in a growing data and analytics sector.

“As organizations invest in cyber defense and resilience, another critical need has emerged: the ability to accurately measure and quantify cyber risk and exposure. Creating transparency and enabling trust is at the core of Moody’s mission – to help organizations assess complex, interconnected risks and make more informed decisions. BitSight is the leader in the cybersecurity ratings space, and together we will help market participants across disciplines better understand, measure, and manage their cyber risks and translate that to the risk of financial loss,” said Rob Fauber, President and Chief Executive Officer of Moody’s.

“Cybersecurity is one of the biggest threats to global commerce in the 21st century. Our partnership with Moody’s and acquisition of VisibleRisk expands our reach to help customers manage cyber risk in an increasingly digital world,” said Steve Harvey, President and Chief Executive Officer of BitSight.

Omada and SecZetta Collaborate to Decrease Threat of Third-Party Breaches

Omada, a worldwide provider of Identity Governance and Administration (IGA) solutions, announced an integration with SecZetta, a leading provider of third-party identity risk management solutions. Companies will be able to minimize the risk of third-party data breaches as a result of the integration.

SecZetta delivers easy-to-use, purpose-built third-party identity risk solutions to assist organizations in implementing risk-based identity access and lifecycle strategies for third-party non-employee populations such as contractors, supply chain, suppliers, partners, bots, and more. SecZetta information on managing third-party identities, onboarding, role changes, contract extension, termination, and identity risk management is used by Omada to help third-party users make better access decisions.

Companies are in danger because of this absence of protocol with non-employees; an estimated two-thirds of data breaches nowadays are caused by a third party. Businesses require a way to track and manage all of the people and things that have access to corporate systems. SecZetta uses a collaborative onboarding process to gather contextual information on third-party non-employees, which it then sends to Omada for provisioning and de-provisioning of access, as well as identity governance and access for SecZetta’s customers.

“Organizations are hyper-focused on adopting Zero Trust policies in the hope of reducing the risk of access-related cybersecurity incidents. Our integration with Omada enables organizations to extend the diligence they have around providing least privilege access to employees to their riskier, non-employee users,” said Jeremy Rohrs, Senior Vice President of Global Sales & Business Development, SecZetta.

“With most organizations today relying on third parties to achieve business goals, it’s critical to get access management right. It’s a balance between security and productivity – and that’s what this integration provides. Organizations can work confidently with non-employees, knowing they are all fully accounted for without creating a drag on IT resources,” said Michael Garrett, CEO, Omada.

Integrated Risk Management Platforms – All You Need to Know

Defining risk

A risk is defined as “the potential for loss due to uncertainty” or “the possibility of something bad happening due to lack of security”.

From these definitions, we can safely infer that, to reduce risk, organizations should not only be extremely risk-aware but also have impeccable security measures in place. To guard organizations against the various types of risk (material/physical, cyber, reputational, legal, or operational), several measures can be put in place, one of them being ERM, or Enterprise Risk Management.

ERM is the practice of analyzing potential risk and creating a plan to control risk-eliminating activities. It helps view risks from a bird’s-eye view – at an organizational level – and create strategies that ensure mitigation of risk.

However, with the digital revolution unfolding, dependency on information and data has drastically increased. This also means that IT or cyber risks are rapidly evolving and call for a comprehensive methodology to deal with them.

Integrated Risk Management (IRM) specializes in handling the risks prevalent in an organization’s technological infrastructure. While it still includes multiple elements of Enterprise Risk Management, it takes a more polished, all-encompassing approach to risk management. It equips an organization to acknowledge, understand, and curb its distinct risk scenarios.

The correct implementation of IRM is highly dependent on an organization’s risk awareness and ability to –
  • Create and implement a governance, risk assessment, and risk ownership framework.
  • Identify upcoming risks internally and externally.
  • Create and implement a response strategy.
  • Continuously monitor business objectives, update governance policies in accordance with goals, remain updated on new types of risks and threats, and comply with regulations.
  • Adopt the correct IRM solutions to build a strong and unified risk management architecture.

What are Integrated Risk Management Platforms?

Traditionally, GRC (Governance, Risk, and Compliance) Platforms took a siloed approach to risk management. This often led to negligence of important details and increased vulnerabilities.

GRC Platforms helped manage –

  • Governance – The framework of rules and guidelines that create a foundation for all business practices.
  • Risk – The possibility of an organization facing losses due to negligence, breach, non-compliance, or poor governance.
  • Compliance – Following the framework of rules established to ensure governance and reduction of risk.

As time has passed, GRC platforms have morphed into more flexible, less siloed platforms. They now view risk management as a whole, with governance and compliance being an integral part of the risk management process. These evolved Governance, Risk and Compliance (GRC) Platforms are now known as Integrated Risk Management (IRM) / Centralized Risk Management (CRM) Platforms.

Integrated Risk Management Platforms help organizations cope with their ever-increasing risk management needs. The various functionalities of IRM Platforms are listed below –
  • Manage risks across data security, cyber security and compliance areas spanning across various locations or sources.
  • Standardize risk assessment methods and risk management frameworks across siloes to unify risk management practices across business functions.
  • Provide visibility into threat exposure, risk interconnections, vulnerabilities and their impact on overall security measures.
  • Create an internal audit process to provide specialized risk assessments and insights.
  • Create a tracking framework dependent on business policies to make compliance and data usage ethics stronger. This tracking also helps locate and remedy violations.
  • Store all the data required to monitor risks securely in a centralized database.
  • Create risk libraries that catalog the most critical risks and provide accurate and actionable data pertaining to the threat history for an organization.
  • Analyze risk-related data and present comprehensive reports with heat maps, risk summaries and risk-control dashboards.
  • Automate risk management tasks, deliver reminders and record events.
  • Highlight compliance related risks through continuous monitoring and real-time updates.

Apart from these, IRM systems can also manage end-to-end third-party risk assessments by reaching out to external databases and gathering information continuously to help organizations mitigate risks.

Integrated Risk Management Platforms are advantageous because they help organizations to reduce the manual labor that goes into ensuring information security for an enterprise. Additionally, there are multiple other advantages that automating risk management can bring.

  • Identify and analyze risks at the organizational level and create a strategic plan for risk management.
  • Execute risk management and compliance policies.
  • Speed up decision-making by providing a comprehensive list of the risks and pain points involved.
  • Create a bridge between the planning and execution of governance and compliance policies.
  • Become and remain risk-aware and proactive in risk management.