Partnering to raise the bar on cybersecurity with security ratings.

Transforming the way organizations understand, mitigate, and communicate cybersecurity risk.

Report Insights Customer Stories

Raising the bar through key partnerships.

More About Partners

The SEC's Evolving Approach to Cyber Risk Management
The U.S. Securities & Exchange Commission recently proposed rules to strengthen the ability of public companies, funds, and advisors to combat cybersecurity threats and implement risk mitigation processes.
Here’s a sample of SecurityScorecard’s discussion with Kristy Littman, U.S. Securities and Exchange Commission Chief of the Crypto Assets and Cyber Unit, Michael Daniel, President & CEO of the Cyber Threat Alliance and Friso van der Oord, Senior Vice President, Content with the National Association of Corporate Directors discussing the importance of the proposed rules.
View the Webinar
Security Ratings Quantify Cyber Risk
The U.S. House of Representative’s Committee on Homeland Security entered research by SecurityScorecard into the congressional record at a joint hearing, “A Whole-of-Government Approach to Combatting Ransomware: Examining DHS’s Role.”
The report from SecurityScorecard used machine learning across 10 different factors to correlate with the relative likelihood of a ransomware attack. Subsequently, SecurityScorecard developed a sophisticated machine learning model that estimates the relative likelihood of a company falling victim to ransomware attack, based on non-intrusive observations of its cybersecurity posture. The predicted likelihood could be used to warn at-riskorganizations and to assist insurance carriers offering cyber-insurance policies.
Fireside Chat with N.Y. Department of Financial Services' Cyber Chief
In a Feb. 2 webinar, SecurityScorecard hosted Justin Herring, Executive Deputy Superintendent, Cybersecurity Division of the New York Department of Financial Services (DFS), and Luke Dembosky, Partner and Co-Chair of the Data Strategy & Security practice at Debevoise & Plimpton, to discuss DFS’s top cybersecurity priorities this year, current enforcement and examination trends, and the regulatory environment around cybersecurity in 2022.
In this conversation, Mr. Herring, the first Executive Deputy Superintendent of Cybersecurity at DFS. described the Cybersecurity Division’s aim to protect consumers and industries from cyber threats, including their recent adoption of security ratings to support their regulatory oversight.
Download Case Study
Cybersecurity Information Sharing & Scorecards | WWD Weekly Digest
In Jan. 2022, SecurityScorecard’s Vice President for Policy & Public Sector, Charlie Moskowitz, joined Water and Waste Senior Managing Editor Bob Crossen for a video interview to discuss water security cybersecurity. Together, they discussed recent Biden Administration regulatory action affecting the water sector, sector-wide cyber vulnerabilities, and the resource challenges facing small and rural community water utilities to defend against online threat actors.
Moving beyond the problems, Charlie also discussed two core solutions: continuous monitoring and information sharing, to help water utilities develop and raise threat awareness across the water sector utilities, and how a security ratings platform, like SecurityScorecard’s, can provide real-time, continuous monitoring to small and large water utility companies and help improve their overall cybersecurity.
Cybersecurity for the New Frontier: Reforming the Federal Information Security Management Act
The U.S. House of Representatives Committee on Oversight and Reform included testimony from SecurityScorecard at a hearing titled, “Cybersecurity for the New Frontier: Reforming the Federal Information Security Management Act.”
SecurityScorecard’s Statement for the Record advocated for Federal networks to include quantitative, data-driven metrics and real-time, continuous monitoring to build industry best practices into Federal network monitoring and risk management.
Log4j Vulnerability Technical Report
The recently discovered security flaw related to Log4j enables threat actors to remotely execute commands via remote code execution (RCE) on nearly any machine using Log4j.
Read the report to find out what SecurityScorecard’s Research team found on the implications of this vulnerability and what organizations can do to combat it.
View The Research Report

Hear From Our Customers

“The SecurityScorecard report does include several of the security measures required by the pipeline security directive. As such, TSA’s security directives and the implementation of required measures could be validated by the SecurityScorecard or similar tools to readily identify potential security gaps.”
David Pekoske Administrator of the Transportation Security Administration
1 / 0
"The emergence of security ratings has increased the use of cyber risk quantification to calculate and measure cyber risk exposure. These security ratings provide a starting point for companies’ cybersecurity capabilities and help elevate cyber risk to the level of board decision-making."
Bob Kolasky Assistant Director for the National Risk Management Center, Cybersecurity and Infrastructure Security Agency
1 / 0
"For even trusted sources, program managers should maintain continuous awareness of source compromises and be prepared to respond to sudden loss of trust in a repository."
John B. Sherman Chief Information Officer, Department of Defense
1 / 0
"Tools and services such as [security ratings], if in wider use, could better inform industry of certain vulnerabilities to act upon and decrease gaps in cybersecurity. These “scorecards” provide a rating of cybersecurity postures of corporate entities through a non-intrusive “outside-in” view of security metrics and cyber threat intelligence signals."
TSA Part of the House Committee on Homeland Security
1 / 0

SecurityScorecard stands with CISA and its partners in responding to ongoing Russian state-sponsored cyber activity in connection with Russia's attack on Ukraine.

For the latest from SecurityScorecard’s Global Investigations, go to CISA’s “Shields Up Technical Guidance”

Partnering to raise the bar on cybersecurity with security ratings.

Raising the bar through key partnerships.

The SEC's Evolving Approach to Cyber Risk Management

Security Ratings Quantify Cyber Risk

Fireside Chat with N.Y. Department of Financial Services' Cyber Chief

Cybersecurity Information Sharing & Scorecards | WWD Weekly Digest

Cybersecurity for the New Frontier: Reforming the Federal Information Security Management Act

Log4j Vulnerability Technical Report

Hear From Our Customers

Latest Resources

Insights from the Experts: Legal, Compliance, and Security Perspectives on SEC Regulations

Cintas

Cyberattack at Sisense Puts Critical Infrastructure on Alert

Change Healthcare Ransomware Attack Spotlights Single Point of Failure with Third-Party Vendor

SecurityScorecard Unveils the Industry’s Most Predictive Cybersecurity Risk Ratings with Refined Scoring Algorithm

Data Methodology – Applying AI-Driven Methodologies to Generate More Meaningful Cybersecurity Ratings

How SecurityScorecard STRIKE Identifies Zero Days in the Wild

Examining NIST CSF 2.0: Everything you need to know

National Vulnerability Database Updates: How SecurityScorecard’s CVEDetails can help

Breaches Beyond Borders: The global landscape of third-party risk

How to Avoid Online Tax Day Scams: Tips to protect your finances and data

Why metrics—and context—matter: How CISOs can measure and communicate cyber resilience

Harnessing the Power of Artificial Intelligence: A closer look at the European Union’s new landmark legislation

From Brackets to Breaches: Securing Your Network Against March Madness Scams

Celebrating Cybersecurity Excellence: Forbes Most Cybersecure Banks, 2024

SecurityScorecard stands with CISA and its partners in responding to ongoing Russian state-sponsored cyber activity in connection with Russia's attack on Ukraine.