Main Site HUB Scorecard Breakdown What is a security rating?


What is a security rating?

Security ratings are an objective, data-driven, quantifiable measurement of an organization’s overall cybersecurity performance. SecurityScorecard’s ratings grade companies on a universally understood scale of A through F.

A security rating is something your business partners use to make decisions about who they do business with.

Whether you are a service provider, acquisition target, or other entity, you need to prove that you have proper security and compliance controls in place in order to transact business. Traditional approaches to assessing the risk of third-parties are limited to either invasive and expensive point-in-time assessments including penetration testing and onsite visits or extensive questionnaires that provide little actual value in assessing the cybersecurity posture of an organization. Security ratings are an effective tool in understanding the cybersecurity capabilities of your company.

"Gartner [has] recognized an uptick in interest in [security ratings]. Over the next five years, these services will become a precondition for business relationships and part of the standard of due care for providers and procurers of services. Additionally, the services will have expanded their scope to assess other areas, such as cyber insurance, due diligence for M&A and even as a raw metric for internal security programs."

- Innovation Insight for Security Rating Services, Sam Olyaei, Christopher Ambrose, Jeffrey Wheatman, July 27, 2018.

Method Decision Usefulness Level of Effort
Formal on-site evaluation High Highest
Formal written report from third-party assessor High High
Security rating services Medium Low
Evaluation of security documentation Low Medium
Completed questionnaire Low Medium
Marketing material describing security program Lowest Low-to-Medium

Security ratings enable your business partners to continuously monitor the cyberhealth of their ecosystem without having to burden you (or themselves) with costly and time consuming methods while giving them a sufficient level of information to make decisions.

If you have received a SecurityScorecard PDF report or email invitation, your business partner has decided to use security ratings to protect their business, meet compliance mandates, and improve their cybersecurity posture using SecurityScorecard. Your security rating is the starting point for a discussion and SecurityScorecard will work with you to ensure that you and your business partners have the information you need and access to our team of professionals to help meet your mutual cybersecurity objectives.