Skip to main content
Security Scorecard

Your score matters.
We guarantee it.

SecurityScorecard guarantees that if your organization increases its security rating to an A, it is less likely to experience a cyber incident.

Security investments are designed to reduce cyber risk, yet most enterprises don’t know if theirs are working. How do you trust that you are making the right risk management decisions?


Read the FAQs
SecurityScorecard is the only ratings provider with a services-backed guarantee.

What is being guaranteed?

With the Score Guarantee, we stand behind our ratings as a quality indicator of external cyber risk. The stronger an organization’s rating, the lower their likelihood of a breach. You can trust that maintaining an A rating on our Platform means your organization has greatly improved its resilience to cyber risk — in fact, so much so, we guarantee it.

Qualifying customers that achieve an A rating on the Platform and experience a breach are eligible for 20 hours of Digital Forensics and Incident Response (DFIR) services through the Score Guarantee, free of charge. Enrolling in the program at no cost means you can ensure your organization’s resilience and continuity even in the face of unexpected adversity so that you can rest easy.

How does this guarantee work?

If your organization is rated A on our Platform and undergoes a qualifying cyber incident, you will receive 20 hours of complementary Digital Forensics and Incident Response (DFIR) services to remediate the incident. Qualifying customers may enroll in the Score Guarantee at no cost.

Who qualifies for this protection?

SecurityScorecard customers who meet all the following requirements:

  • SecurityScorecard customers with an active Platform subscription and a minimum annual spend of at least USD $30,000 on SecurityScorecard’s online and SaaS products (professional services are excluded). Examples include Attack Surface Intelligence, Cyber Risk Quantification, and Automatic Vendor Detection.Have an A rating at the time of enrollment into the Score Guarantee and on an ongoing basis through the time the cyber incident occurred (as opposed to when it’s discovered). In the event that the customer loses the A rating during the term of the IR SOW and any renewals, a grace period of 2 weeks will be granted to remediate lagging scores.

  • Hold an Incident Response (IR) retainer with SecurityScorecard. The Score Guarantee is valid only for the duration of the Incident Response retainer SOW and any renewals.

What is not protected by this guarantee?

Covered assets include only those listed and tracked in the company’s Scorecard that are attested to at the time of registration. Events arising from human error relating to wire fraud or arising from acts of war, terrorism, or nation-state hacking are not covered by this guarantee. Likewise, events arising from unknown vulnerabilities or novel exploits (e.g., zero-days) are excluded.

What happens if my score drops below an A while this protection is active?

The guarantee will remain in place for a 2-week grace period. If the score remains below an A after two weeks, the guarantee coverage will be revoked. To reinstate the guarantee, customers must remediate the necessary issues to restore their rating to an A.

What if a breach took place prior to the guarantee period but is only detected after enrollment?

We will honor coverage for events that took place up to at most 180 days prior to enrollment, as long as your organization maintained an A rating on the Platform at the time the event took place. Any events falling outside the 180-day window, or in cases where your organization scored below an A on the incident date, will not be subject to coverage under this guarantee.

If I use SecurityScorecard to manage subsidiaries of my company, would the parent company’s guarantee apply to the subsidiaries?

The Score Guarantee applies to the entity or entities with whom the Incident Response retainer is maintained. This boundary is set by the obligations set out in the IR contract.

When an incident occurs, which Incident Response hours are consumed first, those from my retainer or those from the guarantee?

The hours obtained from the Score Guarantee are consumed first. The 20 hours offered free through the guarantee are a credit against your final invoice for DFIR services. The 20 guarantee hours may not be exchanged for other SecurityScorecard services and may be used only in response to incidents covered by the Score Guarantee.

If an incident’s root cause is linked back to a third party, will my organization be covered by this guarantee?

This guarantee is only intended to cover incidents arising from security issues with the entity or entities with whom the Incident Response retainer is maintained. At the time of enrollment, customers will attest that their digital footprint is complete and accurate to determine the scope of the guarantee.

How does the guarantee work with my cyber insurance coverage?

The Score Guarantee is not intended to constitute an insurance contract, nor does it take the place of insurance obtained through a reputable carrier. Any cyber insurance policy you obtain is a separate form of risk transfer and should be considered before enrolling. Your cyber insurance policy has benefits, terms, and conditions different from the Score Guarantee, and you should work with your broker or insurer to understand them. The Score Guarantee can complement your cyber insurance coverage by offsetting any costs related to insurance retentions or deductibles.


Join us in making the world a safer place.