Following the footsteps of Rapid7’s long-running National Exposure Index, Rapid7 researchers turned their attention to exposure in corporate America—more specifically, the Fortune 500. Measuring key exposure metrics, we determine in this report the level of exposure represented by this group of organizations in order to help target cyber-risk reduction efforts, improve information-sharing within industry sectors, and build awareness of practices organizations can undertake to avoid future exposure.
The report reveals that cybersecurity basics are being missed or insufficiently deployed even among very large, mature, and well-resourced organizations. Keeping up with the never-ending task of maintaining a comprehensive security program is a challenge for organizations of all sizes—particularly when there is always more to be done amid constrained time and resources. If this challenge cannot comprehensively be met by these very large, high-revenue companies, it is not difficult to imagine how much worse it is for smaller organizations with far fewer resources to apply to security.
To learn more about the overall exposure of Fortune 500 companies, read the Industry Cyber-Exposure Report: Fortune 500.
The methodology outlined in this report describes several ways, based on openly available internet connections, to measure the exposure of specific organizations and industry sectors to certain cybersecurity risks. The report covers the following topics: