SecurityScorecard Publishes Scoring Methodology in Unprecedented Push for Transparency
SecurityScorecard Becomes First Security Ratings Company to Publicly Publish How Scores Are Calculated
New York, NY - May 14, 2020 – SecurityScorecard, the global leader in security ratings, announced today that in an industry-leading move, it has publicly published its scoring methodology to educate the general public on how security scores are calculated. This is part of a significant update to its best-in-class Trust Portal, which provides transparency and visibility into the methodology and performance of the company’s award-winning security ratings platform.
“The cornerstone of security ratings is trust. That's why we are publicly sharing exactly how we compute our scores and showing transparently why our customers and partners worldwide confidently use our scores to make key business decisions faster,” said Sam Kassoumeh, COO and co-founder of SecurityScorecard. “Our high accuracy rates show the quality, breadth, and measurements of our data and its sources to help organizations act quickly and minimize their risk exposure.”
Security rating companies use a combination of data points collected organically or purchased from public and private sources, and then apply proprietary algorithms to articulate an organization’s security effectiveness into a quantifiable score. To achieve the highest possible accuracy, independent cybersecurity consultant firm Online Business Systems audited the IPs and domains for a sample set of Scorecards. The results of that test are posted here and available for review from the portal.
Other updates to the Trust Portal include:
- Refute response rates: If there are findings that organizations believe to be inaccurate, they can submit a change request backed by evidence
- Statistics around the refute process will be published, including the number of refutes submitted and SecurityScorecard’s response time. Historically, response time is less than 48 hours -- far less than any other security ratings company
- Two added charts showing refute volume for both domains and IPs
- A new section dedicated to frequently asked questions and answers
As organizations overwhelmingly move to the Cloud in order to streamline business operations, there is an increase in cybersecurity risks. SecurityScorecard’s security ratings enable organizations to regain visibility into their overall risk with continuous monitoring over external threats and across the entire vendor ecosystem.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.