"The implications for organisations across industries are that botnet infections cannot be ignored. Companies with poor botnet grades have been breached far more often than those with good grades, and actions should be taken to mitigate these risks," said BitSight's researchers in its report.
This doesn't mean that the botnets themselves are causing the increased risk, although that remains possible. More likely, said BitSight, their presence was indicative of the failure of security controls inside the affected organisation.
BitSight has also reported on the effect data breaches are having on a variety of US sectors, most recently recording a dip in performance on the basis of its own security metrics. Some sectors are also more at risk of breaches than others.
It remains an intriguing possibility (one that BitSight would welcome for commercial reasons) that organisations might one day be assessed for security risk on the basis of independent ratings such as BitSight's.