BSIMM11 and Industry Verticals: Regulated Industries (Financial services, healthcare, insurance)

By : Krishna Anindyo | Monday, September 21 2020 - 16:30 IWST

Spider Charts by Noting The Highest-Level Activity Observed for Each Practice BSIMM Participant

INDUSTRY.co.id - Synopsys created spider charts by noting the highest-level activity observed for each practice per BSIMM participant (a “high-water mark”) and then averaging these values over the group of 130 firms to produce 12 numbers (one for each practice).

The resulting spider chart plots these values on 12 spokes corresponding to the 12 practices. Note that performing level 3 (the outside edge) activities is often a sign of Software Security Initiative (SSI) maturity but only because organisations tend to start with common activities (level 1) and build from there toward uncommon activities.
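The high-water-mark aggregation described above, as an added example that is not Synopsys's or BSIMM's own code: each firm scores a practice at the highest activity level observed there (0 if none), and the group chart is the per-practice mean of those scores. The practice names are the 12 BSIMM practices; the three firms' observations are constructed sample data, and `level_gaps` is an added check for the caveat that a single high-water mark hides skipped lower levels.

```python
from statistics import mean

# The 12 BSIMM practices, one spoke per practice on the spider chart.
PRACTICES = [
    "Strategy & Metrics", "Compliance & Policy", "Training", "Attack Models",
    "Security Features & Design", "Standards & Requirements",
    "Architecture Analysis", "Code Review", "Security Testing",
    "Penetration Testing", "Software Environment",
    "Configuration Management & Vulnerability Management",
]

def high_water_marks(observed):
    """Return {practice: highest activity level observed} for one firm.

    `observed` maps a practice to the set of activity levels (1..3) seen
    there; a practice with no observed activity scores 0.
    """
    return {p: max(observed.get(p, ()), default=0) for p in PRACTICES}

def spider_chart(firms):
    """Average the per-firm high-water marks over a group: the 12 numbers
    plotted on the 12 spokes."""
    marks = [high_water_marks(f) for f in firms]
    return {p: round(mean(m[p] for m in marks), 2) for p in PRACTICES}

def level_gaps(observed):
    """Practices where the high-water mark skips lower levels (for example a
    level-3 activity without level 1), which the chart's single number hides."""
    gaps = {}
    for p, top in high_water_marks(observed).items():
        missing = [lvl for lvl in range(1, top) if lvl not in observed.get(p, ())]
        if missing:
            gaps[p] = missing
    return gaps

# Constructed observations for three hypothetical firms (not BSIMM data).
SAMPLE_VERTICAL = [
    {"Strategy & Metrics": {1, 2}, "Compliance & Policy": {1, 2, 3},
     "Security Testing": {1}, "Penetration Testing": {1, 2}},
    {"Strategy & Metrics": {1}, "Compliance & Policy": {1, 3},
     "Security Testing": {1, 2}, "Code Review": {1}},
    {"Compliance & Policy": {1}, "Security Testing": {3},
     "Penetration Testing": {1, 2, 3}},
]

if __name__ == "__main__":
    for practice, value in spider_chart(SAMPLE_VERTICAL).items():
        print(f"{practice:55s} {value}")
    for firm in SAMPLE_VERTICAL:
        print("skipped levels:", level_gaps(firm))
```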

Three verticals in the BSIMM operate in highly regulated industries: financial services, healthcare, and insurance (see Figure 6). In our experience with the BSIMM, large financial services firms reacted to regulatory changes and started their SSIs much earlier than insurance and healthcare firms.

Even as the number of financial services firms has grown significantly over the past five years, with a large influx into the BSIMM data pool of newly started initiatives, the financial services SSG average age at last assessment time is 4.9 years versus 3.8 years for insurance and 3.7 years for healthcare.

Time spent by financial services firms maturing their collective SSIs shows up clearly in the side-by-side comparison.

Although organisations in the insurance vertical include some mature outliers, the data for these three regulated verticals show insurance lags behind in the Strategy & Metrics, Compliance & Policy, and Attack Models practices, while moving above average in the Security Testing practice.

Compared to financial services firms, we see a similar contrast in healthcare, which achieves par in Compliance & Policy, Architecture Analysis, Code Review, and Penetration Testing, but lags in other practices.

In the BSIMM population, we can find large gaps between the maturity of verticals, even when the technology stacks might be similar. Consider Figure 7, which directly compares the current technology and healthcare verticals.

In this case, there is an obvious delta between technology firms that build devices tied to back-end services and healthcare firms that increasingly build devices tied to back-end services.

The disparity in maturity extends to most practices, although the healthcare vertical is predictably ahead in the Compliance & Policy practice.

Fortunately for organisations that find themselves behind the curve, the experiences of many BSIMM participants provide a good roadmap to faster maturity.
