Posted 04 Jan 2018
NEW YORK – January 4, 2018 – SecurityScorecard, the leader in security ratings, today released a landmark new report entitled ‘SecurityScorecard Big 500 Index: A Cybersecurity Analysis of 500 Major Publicly-Traded U.S. Companies’ that examines the cybersecurity posture of some of the largest publicly traded U.S. companies. The report analyzes the performance of 500 companies as a cohort against the performance of 18 U.S. industries. Companies included in this report are, have been, or have similar characteristics to companies included in the S&P 500 index.
“While the stock market has reached all-time highs, a major cybersecurity incident can wipeout billions of dollars in value overnight,” said Fouad Khalil, Head of Compliance at SecurityScorecard. “The vast majority of companies in the Big 500 group have similar issues that resulted in major breaches in the past. In particular, patching cadence, which is precisely the issue that led to the Equifax breach, is still a serious concern. While most companies think they have this covered, the report proves otherwise. From a cybersecurity and compliance perspective, such basic hygiene issues need to be prioritized and addressed as a part of a good corporate governance strategy.”
Slow patching cadence is a key indicator of risk and demonstrates a lack of resources to implement an available fix to deal with the overhead of additional efforts that may emerge as a byproduct of the fix. It also indicates a lack of awareness regarding the existence of the vulnerability and patches. It is generally recognized that 80 percent of attacks exploit vulnerabilities for which patches already exist.
Headquartered in the heart of New York City, SecurityScorecard’s vision is to create a new language to measure and communicate security risk. The company was founded in late 2013 by Dr. Aleksandr Yampolskiy and Sam Kassoumeh, two former cybersecurity practitioners who had served, respectively, as Chief Information Security Officer and Head of Security & Compliance. With cloud solutions becoming an increasingly integral part of the security technology stack, Yampolskiy and Kassoumeh recognized the need to address third- and fourth-party risk as well as better understand the security capabilities of their business partners. Since its founding, the company has grown dramatically and now counts hundreds of leading brands as customers. For more information, visit www.securityscorecard.com.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.