SecurityScorecard's statistically robust framework documents that a company with a C, D, or F rating is 5.4 times more likely to suffer a consequential breach than a company rated A or B. Certain risk factors, such as application security and patching cadence, are even more indicative of the likelihood of breach. An F versus an A in these factors may translate into a tenfold increase in the likelihood of a data breach or successful attack.
At the same time, a D or F rating does not necessarily mean that an organization will be breached tomorrow. We do know, however, that in aggregate, companies with a higher security rating are less likely to suffer a data breach. For more information on how ratings are computed, download our scoring white paper.
How does SecurityScorecard collect data and calculate security ratings?
SecurityScorecard non-intrusively collects data from publicly available commercial and open-source feeds across the internet for an outside-in, hacker perspective of a company’s cybersecurity posture. This data is then analyzed by SecurityScorecard data science experts who calculate scores across 10 key risk indicator categories as well as an overall security rating using an easy-to-understand A-F grading scale.