Skip to main content
Security Scorecard

SecurityScorecard Report Reveals 2020 Democratic Presidential Candidates Have Learned Cyber Lesson

Posted on February 20th, 2020

Report Shows Democratic Presidential Candidates with High Marks in Cybersecurity; Results Highlight Lessons Learned from 2016 Election

New York, NY, February 20, 2020 - SecurityScorecard, the global leader in security ratings, today released the 2020 Democratic Presidential Candidates Get Smart to Cybersecurity Report which provides an in-depth view of the cybersecurity hygiene of every Democratic presidential candidate running. SecurityScorecard found every candidate’s campaign to have high marks, highlighting that politicians have placed a priority on cybersecurity following the successful cyber and misinformation attacks in the 2016 general election.

Due to the extensive reporting of foreign interference, the responsibility of secure and ethical online campaigning has become a central issue in the 2020 election, and candidates have taken heed. SecurityScorecard found overall commendable cybersecurity postures, with all candidates receiving a SecurityScorecard Rating of ‘B’ or above.

This is a follow up to SecurityScorecard’s 2019 report: Analysis of Cyber Risk Exposure for Political Parties, which highlighted the disappointing cybersecurity posture of political parties in the U.S. and abroad. In the previous report, the Democratic National Committee (DNC) received a ‘C’ Security Rating. Statistically, those with a score of ‘C’ or below are more than five times as likely to experience a data breach than those with an ‘A’ or ‘B’ rating.

“Campaigns have seen the consequences of hacks and breaches -- invaluable, confidential information that can be leaked to defame and embarrass candidates while losing the trust of the American people. It’s clear that they do not want 2020 to be a repeat of 2016,” said Paul Gagliardi, Head of Threat Intelligence and CISO at SecurityScorecard. “Through the SecurityScorecard platform, we had an ‘outside-in’ view of each candidate’s security posture to see exactly what an attacker might see to determine how secure each candidate’s campaign is from cyber interference.”

Key Findings:

  • SecurityScorecard found that the overall cybersecurity posture of the Democratic candidates is positive: All candidates’ campaigns were graded at a ‘B’ or above, whereas SecurityScorecard’s last report in 2019 found that the DNC overall had a ‘C’ grade.
    • The respective scores for each candidate’s campaign site includes:
      • Joe Biden - ‘A’
      • Pete Buttigieg - ‘A’
      • Amy Klobuchar - ‘A’
      • Tulsi Gabbard - ‘A’
      • Tom Steyer - ‘A’
      • Bernie Sanders - ‘B’
      • Michael Bloomberg - ‘B’
      • Elizabeth Warren - ‘B’
  • This turnaround shows an increased focus on cybersecurity measures and candidate willingness to invest in good cyber hygiene.
  • Each campaign utilizes third parties for critical technical functions. These third parties also exhibited clean external facing hygiene, although there is a risk for them becoming a target for sophisticated actors.
  • Despite overall positive cyber posture, there were problematic findings with non-sanctioned websites and applications. For example, SecurityScorecard discovered a cross-site scripting (XSS) attack among a third-party community event management application supporting Andrew Yang, who has since dropped out of the race.
    • This raises the question of how campaigns should communicate these flaws to their unsuspecting user base.

Methodology can be found in the report with the full list of all candidates.

Although all signs point to the candidates heeding the call of security experts, the cybersecurity landscape changes daily, with a balance needed of continual improvements and risk analysis. Campaigns seem to have concluded that outsourcing critical functions to third parties gives them a better chance at keeping their campaigns secure. However, third parties are just as vulnerable to attacks and breaches, so it is extremely important to remain vigilant and understand the posture of all third parties in the campaign’s ecosystem.

This report in no way concludes that attacks will not be successful against these candidates, whether that be now or in the future. The style of security assessment conducted by SecurityScorecard was non-intrusive and limited only to publicly-available assets. For this report, SecurityScorecard focused on the Democratic candidates and will be conducting a follow-up report diving into the cybersecurity posture of the Democratic, Republican and third-party nominees once they are chosen by their respective parties.

About SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 1,000 organizations for self-monitoring, third-party risk management, board reporting and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their externally facing digital footprint. SecurityScorecard is the only provider of instant risk ratings that automatically map to vendor cybersecurity questionnaire responses - providing a true 360- degree view of risk. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit or connect with us on LinkedIn.

Media Contact:

Fehmida Bholat
[email protected]

Join us in making the world a safer place.