3rd Party Risk Management , Blockchain & Cryptocurrency , Governance & Risk Management

BitSight, Mastercard and Tenable Make Acquisitions

Risk Assessment, Improving DevSecOps, Cryptocurrency Risk Research Drive Deals
BitSight, Mastercard and Tenable Make Acquisitions

Merger and acquisition activity picked up again in September with BitSight, Tenable and Mastercard all making deals.

See Also: 2024 Global Threat Landscape Overview

BitSight reported on Monday it had received a $250 million investment from the bond rating firm Moody's Investors Service, which will make Moody's the largest shareholder of BitSight when the deal closes. At the same time, BitSight announced it had acquired the cyber risk rating company VisibleRisk.

Also on Monday, Tenable said it had entered into a definitive agreement to acquire the cloud-native security firm Accurics for about $160 million.

And Mastercard on Thursday announced it had acquired the cryptocurrency intelligence firm CipherTrace.


Moody's investment in the Boston-based BitSight and BitSight's purchase of VisibleRisk are designed to boost BitSight's ability to measure and quantify cyber risk and exposure, the company said.

"Our partnership with Moody's and acquisition of VisibleRisk expands our reach to help customers manage cyber risk in an increasingly digital world," says Steve Harvey, president and CEO of BitSight.

Moody's intends to incorporate BitSight's cyber risk data and research across its suite of integrated risk assessment product offerings, the company says. BitSight also says it believes its acquisition of VisibleRisk will bring additional cyber risk assessment capability into the company and advance its ability to analyze and calculate an organization's financial exposure to cyber risk, the company says.

Frank Dickson, program vice president for security and trust at IDC, says since Moody's is a credit rating service, it needs to be able to accurately measure a company's cyber risk.

"The problem is that you cannot evaluate the cyber risk posture of an organization using typical financial reporting tools," he says. "BitSight offers a platform to assess the security posture of an organization and then provide a risk assessment scoring. It is a great way to add a cyber risk posture assessment to Moody's credit rating service."

Tenable and Accurics

The Columbia, Maryland-based Tenable says it targeted the Pleasanton, California-headquartered Accurics for acquisition to bring on board that company's infrastructure as code technology, which detects threats and mitigates security issues in code during the development process and before launch.

"Following the completion of the acquisition, Tenable and Accurics will introduce a complete lifecycle approach to modern risk management, leveraging IaC to fix problems for any cloud environment - before they can expose the business to risk," Tenable says.

The deal is subject to customary purchase price adjustments and is expected to close late in the third quarter or early in the fourth quarter of 2021, subject to the satisfaction of customary closing conditions, Tenable says.

Mastercard and CipherTrace

The growing importance and acceptance of cryptocurrency in the world economy was the driving force behind Mastercard's decision to acquire Menlo Park, California-based CipherTrace, the company says.

"The integrated offering will build on CipherTrace's suite of digital assets and Mastercard's cybersecurity solutions to provide businesses with greater transparency to help identify and understand their risks and to help manage their digital asset regulatory and compliance obligations," Mastercard says.

The company says this deal is part of its overall strategy in the digital assets space to help provide customers, merchants and businesses with more choice in how they move digital value.

"Mastercard simply cannot ignore bitcoin. As you might expect, Mastercard has been investing in cryptocurrency companies lately, including partnership deals with BitPay, Gemini, and Uphold," Dickson says.

He adds that Mastercard's acquisition of CipherTrace is more about forensics than security. He describes CipherTrace as a blockchain analytics startup to illuminate illegal cryptocurrency transactions, much like Chainalysis and Elliptic.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.