top of page

News & Views


Managing downstream risk

As organizations’ vendor and fourth-party ecosystems continue to expand, so does their risk surface; however, lack of visibility into that ecosystem and the cyber risk within it makes it difficult for them to understand and effectively manage that risk.

Security ratings specialists, BitSight ( announces several enhancements to its BitSight for Fourth-Party Risk Management solution ( that provides organizations with deeper, automated and continuous visibility into their extended business ecosystem to help them more effectively manage fourth-party risk.

Updates include expanded observable fourth-party datasets, including 80 categories of technology service providers (e.g. hosting, DNS, CDN, security, expense management) and more than 11,000 technology products (e.g. Amazon Web Services, Microsoft Azure, Dyn DNS, Microsoft Office 365), and an enhanced user experience.

According to a recent EY survey ( 74% of organizations say that fourth-party concentration risk would be extremely challenging to report on or that they could not report on it at all.

“Outages, disruptions and compromises affecting fourth-party service providers are becoming an increasing threat, while regulatory pressure on organisations to get a better handle on fourth-party risk continues to mount,” explains Vineet Seth, vice president of Product Management, BitSight.  

“BiSight for Fourth-Party Risk Management equips organisations with the needed visibility to better evaluate and select vendors, identify common dependencies in order to triage and prioritize outreach to vendors, and continuously monitor fourth- and nth-parties to better manage cyber risk across the extended business ecosystem.”

Founded in 2011, BitSight transforms how organizations manage cyber risk.  With over 1,800 global customers and the largest ecosystem of users and information, BitSight is the most widely used Security Ratings Service.

bottom of page