BitSight, a startup out of Boston that helps organizations assess the likelihood of a cyberattack, announced Monday that it received a $250 million investment from Moody’s. This deal makes the credit rating giant the largest shareholder in the company, and values BitSight at $2.4 billion.
Founded in 2011, BitSight has become a leader in the cybersecurity space over the years, providing things like ratings, analytics and various performance management tools to help organizations better understand their cyber risk. Today, the startup says it has more than 2,300 customers globally, including Fortune 500 companies, government agencies, insurers and asset managers.
This latest deal will allow BitSight to continue to grow its platform, and Moody’s plans to make use of BitSight’s cyber risk data to strengthen its own integrated risk assessment product offerings. In addition to the funding, BitSight has announced it will acquire VisibleRisk, a cyber risk ratings joint venture created by Moody’s and Team8, for an undisclosed sum. This will allow BitSight to better analyze and calculate a given organization’s financial exposure and cyber risk.
“Our partnership with Moody’s and acquisition of VisibleRisk expands our reach to help customers manage cyber risk in an increasingly digital world,” BitSight’s president and CEO Steve Harvey said in a statement, adding that cybersecurity is “one of the biggest threats to global commerce in the 21st century.”
Indeed, this news is coming at a time when high-profile hacks and ransomware attacks seem to be on the rise, costing individual companies millions of dollars and sabotaging supply chain operations around the world. When Built In last caught up with BitSight in 2018, the company had just raised a $60 million Series D. At the time, global ransomware attacks cost companies about $8 billion total, according to a report by Online Trust Alliance. That number is expected to reach $20 billion by the end of this year.
Over this summer alone, ransomware attacks have affected virtually every industry, from meat production to oil to healthcare. And this has led to more than just inconveniences and lost money; it’s become a threat to the economy and America’s national security. Last year, alleged Russian spies exploited software made by federal contractor SolarWinds to hack into several U.S. agencies and about 100 companies. Hundreds of utility providers across North America also downloaded the malicious software, posing a massive risk to the security of those organizations and the data they possess.
These breaches inspired President Joe Biden to issue an executive order in May that requires federal contractors to meet a set of security standards around their data management, and several officials from his administration have been urging companies to be more transparent about the security of their software. This new investment in BitSight could be a big first step in helping some of the world’s largest companies do just that.
“As organizations invest in cyber defense and resilience, another critical need has emerged: the ability to accurately measure and quantify cyber risk and exposure,” Rob Fauber, the president and CEO of Moody’s, said in a statement. “BitSight is a leader in the cybersecurity ratings space, and together we will help market participants across disciplines better understand, measure and manage their cyber risks and translate that to the risk of financial loss.”
Following BitSight’s acquisition of VisibleRisk, the company says it plans to create a “risk solutions division” to deliver a suite of solutions and analytics to stakeholders like chief risk officers, c-suite executives and boards of directors. Plus, BitSight is hiring, with more than 20 open tech positions available now.
