Skip to main content
Security Scorecard

New Forrester Research Report Finds Adoption of Security Ratings on the Rise as CISO’s Look to Increase Predictive Capabilities and Minimize Third-Party Risk

Posted on April 26th, 2018

NEW YORK, April 26, 2018 – Forrester Consulting today issued a new research entitled “Security Ratings Set The Standard” that surveyed 158 security leaders to evaluate how enterprises are assessing and managing security threats to their IT infrastructure, as well as to their third-parties. The survey found that while the threat landscape is growing more complex and dangerous, security ratings platforms are becoming a key component to address those threats while delivering a strong return on investment. The report was commissioned by SecurityScorecard.

Forrester predicts that in 2018, security decision makers will face new challenges primarily brought on by political tensions, constant connectivity, the ubiquity of data, and digital transformation efforts. A lack of ecosystem visibility, paired with evolving risks, makes for huge operational security challenges.

Key Findings:

  • Security ratings adoption is on the rise: 87% of respondents who do use security ratings find them valuable (37%) or extremely valuable (50%). Twenty-nine percent of companies who do not currently use security ratings services are currently testing/piloting a tool or service, and another 41% plan to adopt them within the next two years.
  • Return on Security Investment: 91% of respondents stated that their ROI has at least met expectations, with 55% saying that ROI has exceeded expectations.
  • CISOs who are not using security ratings are missing out: Security and risk decision makers using security ratings benefit from improvements to threat intelligence, security posture, business resiliency, and ability to prioritize and justify new security investments, and more.. And many of the benefits that users have confirmed are greater than what nonusers of security ratings services would expect.
  • Predictive capabilities and visibility into third-party risk are the most valued: Predictive and prescriptive capabilities are the most important criteria for survey respondents when considering an investment in a security ratings platform, followed by visibility into third-party risk, compliance tracking, and robust detail behind the scores.

“Security ratings have rapidly moved from a novel technology to a key component of an enterprise cybersecurity program,” said Sam Kassoumeh, Co-Founder & COO, SecurityScorecard. “This study demonstrates the velocity at which the market is moving and the demand from security leaders to have visibility into the risks posed by their business partners and third party providers. Our triple-digit growth is directly related to our platform’s ability to deliver predictive analytics, ecosystem-wide visibility, compliance capabilities and the most comprehensive data set in the industry.”

To receive a free SecurityScorecard assessment and consultation for your business, visit

Findings from this report are based on an online survey Forrester conducted with 158 financial services, technology/software, manufacturing, healthcare, and/or retail enterprises in the United States to evaluate their cybersecurity tactics and adoption of security ratings services. Survey participants included director-level and above IT and operations decision makers with responsibility for security, risk, and compliance strategies. The study was conducted fully in March 2018.

About SecurityScorecard
Headquartered in the heart of New York City, SecurityScorecard's vision is to create a new language for measuring and communication security risk. The company was founded in late 2013 by Dr. Aleksandr Yampolskiy and Sam Kassoumeh, two former cybersecurity practitioners who had served, respectively, as Chief Information Security Officer and Head of Security and Compliance. With cloud solutions becoming an increasingly integral part of the security technology stack, Yampolskiy and Kassoumeh recognized the need to address third- and fourth-party risk as well as better understand the security capabilities of their business partners. Since its founding, the company has grown dramatically and now counts hundreds of leading brands as customers. SecurityScorecard is backed by leading venture capital investors including Sequoia Capital, GV, and Nokia Growth Partners among others. For more information, visit

Join us in making the world a safer place.