
How Cloud 100 Companies are Approaching Transparency

December 18, 2021

With data breaches and ransomware attacks becoming more commonplace, security is becoming even more of a priority for businesses. According to research by G2, it is the top priority for mid-market and enterprise customers when evaluating SaaS solutions.

That same study found that 83% of companies require a security or privacy assessment when purchasing software. Vendors who want to stand out from the competition are being more and more transparent about their security information and sharing it on their website or exchanges like Whistic’s Trust Catalog or the CSA Star Registry.

As a result, more and more businesses are being proactive and transparent about the security information they share publicly. We decided to conduct research around transparent security practices to determine the latest marketplace trends around transparency and the impact it has on sales cycles.

Over the course of the next several weeks, we will be highlighting some of the findings of our research in this blog. Today’s post delves into the security and privacy pages of Forbes Cloud 100 companies. If you’d like to read the entire report, it can be found here.

 

The importance of security certifications and audits

Many Cloud 100 businesses are also emphasizing certifications and audits on their privacy pages, including SOC 2 (43%), ISO 27001 (33%), PCI Compliance (21%), and HIPAA (15%), among others.

 


 

Cloud 100 Companies project compliance

With news of data breaches becoming more and more prevalent, cloud businesses are being more proactive about publishing privacy policies and showing what they’re doing to protect their customers’ private information. In fact, our research found that 87% of businesses in the Cloud 100 have privacy pages on their website.

Additionally, as more legislation such as CCPA and GDPR is passed to protect consumer data, businesses that handle personal information need to show what they’re doing to comply with various privacy laws. As a result, 63% of Cloud 100 businesses display their compliance with GDPR, while 57% display CCPA compliance.

 

Contact information is hard to come by

Only 18% of Cloud 100 companies include contact information for privacy teams, while just 3% include an email address for the security team. 

 

Few offer vulnerability disclosure information

Just two percent of Cloud 100 companies’ security or privacy pages included a vulnerability disclosure email or phone number, while only nine percent included details about a bug bounty program.

 

Download our report

To learn more about how vendor transparency is impacting customer trust, check out our latest report, The State of Transparency and Trust. In addition to the information above, we analyze survey results from 520 cybersecurity and InfoSec professionals about their views on transparency and provide tips for building an effective security and trust page on your website.

If you’d like to learn more about how Whistic can help your business, request a demo today.


About the author

Whistic