SecurityScorecard Reinforces Commitment to Free Security Ratings for All Organizations

NEW YORK – Jan. 8, 2024 — SecurityScorecard today unveiled new capabilities to strengthen cybersecurity trust and transparency across the digital ecosystem. Building on a decade-long commitment to providing free security ratings for all organizations, SecurityScorecard innovations advance the industry’s most transparent, trusted, and accurate security ratings.

Any organization — at no cost — can always access and improve their security rating at https://securityscorecard.com/free-account/.

Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, said: “SecurityScorecard firmly believes that security ratings are a fundamental right necessary to safeguard society and the economy. Since our founding over ten years ago, we’ve upheld an ethos based on transparency, fairness, and inclusivity. This commitment is validated by the active participation of over 60,000 organizations on the SecurityScorecard platform.”

Today, SecurityScorecard ratings are used by:

• 70% of the Fortune 1000
• 9 of the 10 top banking institutions
• 8 of the 10 largest insurance companies

COLLABORATION: OUR PATH TO A SAFER DIGITAL WORLD

Trust and transparency are built into all of SecurityScorecard’s products and services from the moment an organization registers for a free account. SecurityScorecard believes cybersecurity is a collective responsibility, and everyone should have a voice in ensuring the accuracy of security ratings.

New and existing SecurityScorecard capabilities are designed to create a more secure and resilient world:

• SecurityScorecard’s commitment to free security ratings:
  Any organization can view its rating, see the data that impacts a change in score, and access guidance for improvement – all at no cost. SecurityScorecard ratings are based on accurate data to objectively measure cyber risk and facilitate collaborative, risk-based conversations between organizations.
• Setting the gold standard in methodology transparency:
  SecurityScorecard stands alone in offering complete transparency in its scoring methodology. SecurityScorecard monitors hundreds of different cybersecurity signals and calculates a score based on a defined subset of issues. Each issue is associated with one of ten risk factor groups and is assigned a weight reflecting its severity.
• Introducing new user-contributed data integration:
  Any organization can now supplement its security rating with internal data, awarding achievements such as certifications, penetration testing, and cybersecurity training with positive scoring. SecurityScorecard provides a secure repository for certifications such as SOC 2 and ISO 27001 in its Evidence Locker. Once documentation is verified, organizations receive an evidence-based score improvement, encouraging a proactive cybersecurity ecosystem.
• Ensuring the most transparent refute process:
  Unlike other solutions, SecurityScorecard provides true transparency in the rating dispute process — this is equally open to customers and non-customers. All organizations have the right to challenge their rating and provide corrected or clarifying data. Disputed ratings are notated as such until resolved, and SecurityScorecard promptly reflects the inclusion of corrected information upon validation. All organizations receive a response from SecurityScorecard within 24 hours, and scores are adjusted within 72 hours.
• Improving unrivaled accuracy: false positives now under 1%:
  SecurityScorecard leads the industry in eliminating false positives. Through partnering with organizations, SecurityScorecard delivers statistical confidence and defensible data, guaranteeing precision in its ratings. SecurityScorecard’s unique approach includes rigorous validation of security data and training of AI models, resulting in a precise representation of cyber risk.

Mark Weatherford, Chief Strategy Officer of the National Cybersecurity Center and SecurityScorecard Cybersecurity Advisory Board Member, said: “There is a misunderstanding in the cybersecurity industry that all security ratings are pay-to-play. Unlike many security ratings companies, SecurityScorecard allows organizations to claim their score for free. Organizations can also refute findings, contact support, and receive a reply from SecurityScorecard within 24 hours. Once evidence is validated, SecurityScorecard adjusts scores as needed within 72 hours — with no money exchanged.”

Discover more about SecurityScorecard’s commitment to cybersecurity trust and transparency by visiting https://securityscorecard.com/trust/.