How much time and money can your organization save with SecurityScorecard? Check out our new value calculator! Click here.


Cybersecurity Research & Insights

Explore our cybersecurity white papers, data sheets, webinars, videos and more.


SecurityScorecard Value Calculator

See and show how much time and money you can save with your SecurityScorecard investment for third-party risk. This calculator, gives you the economic benefits needed to understand the value you’ll get before you buy.


Make Cybersecurity a Team Sport with SecurityScorecard

SecurityScorecard’s enhanced product suite for effective collaboration empowers Security and Risk Teams to collaborate more effectively. Being collaborative allows stakeholders to work faster, smarter, and win together with internal teams and their third parties.


Building a Successful Third Party Risk Management Program for a Modern World with CSA

July 16th at 1:00pm EST

Join us for a live webinar with CSA discussing how to build a successful third-party risk management program in today's climate.


[Security DNA] Rethinking Digital Risk in a New Remote-only World

Listen to Alex Yampolskiy, CEO and Co-Founder of SecurityScorecard and Grant Geyer, Chief Product Officer of Claroty, as they discuss how the nature of risk has changed.


Collaborating Effectively on Cyber Risk Management by Making it a Team Sport

Join us for a collaborative webinar where Forrester, Modulr, and Plex Systems come together to discuss how they have built modern cyber risk management practices.


SecurityScorecard featured in “Behind the Scenes with Laurence Fishburne”

SecurityScorecard was recently featured on a public broadcasting segment of “Behind the Scenes with Laurence Fishburne” on the ubiquity of cyber attacks that affect organizations of all sizes and in every industry.


How Short is the Path to Your Most Critical Assets?

Watch this webinar on how malicious actors gain access to your network and the ease at which they can exploit external facing vulnerabilities, gain access to the network, and move laterally until finding their desired targets.

Template Bundle

Cyber Risk Management & Vendor Assessment Template Bundle

You can’t completely eliminate all cybersecurity risk, but you can manage it. Download SecurityScorecard's free cyber risk management and assessment template bundle.


[Security DNA] A CISO Conversation: Managing Security and Private Data in a Global Digital Environment

Listen to Alex Yampolskiy, CEO and Co-Founder of SecurityScorecard and Nuno Teodoro, CISO of Truphone, as they discuss best practices on prioritizing security activities for a global organization.

Case Study

Case Study: Truphone

Learn how SecurityScorecard helps Truphone improve their security posture, gain insight into security risks, and drives a high ROI in time and resource management.


Five Steps to a Modern Cyber Risk Management Team

This ebook will give you what we’ve learned from the best security teams in the world and give you the five steps to build a modern risk management team.

Data Sheet

Collaborate More Effectively with your Third-Party Environment

To run an efficient cyber risk management program, security and IT teams need to collaborate even more effectively with their vendors, partners, suppliers, and other third parties. Download the data sheet to learn more.

Security DNA

[Security DNA] Using Threat Intelligence to Secure Your Organization

Listen to Alex Yampolskiy, CEO and Co-Founder of SecurityScorecard and Anuj Goel, CEO and Co-Founder of Cyware, as they discuss the current threat intelligence landscape as well as the reasons why CISOs should invest in relevant tools and solutions.

Security DNA

[Security DNA] Latest Trends in Endpoint Protection & Cybersecurity Asset Management

Listen to Alex Yampolskiy, CEO and Co-Founder of SecurityScorecard, discuss with Lenny Zeltser, CISO of Axonius, the latest trends in the endpoint protection marketplace, what advice he would give cybersecurity entrepreneurs right now, and the definition of cybersecurity asset management.

White Paper

A Deep Dive in Scoring Methodology

SecurityScorecard scores provide insights and a detailed analysis of the security posture of an organization. Take a deep dive into our scoring methodology.


Prioritizing Risk and Business Continuity During Times of Uncertainty

Listen to our webinar on prioritizing risk and business continuity during times of uncertainty.

Security DNA

[Security DNA] Driving Security Hygiene Using Traditional and Non-traditional metrics

Listen to Alex Yampolskiy, CEO and Co-Founder of SecurityScorecard, discuss with Ed Amoroso, CEO and Founder of TAG Cyber on the key performance indicators that CISOs should use to measure cybersecurity effectiveness.


Managing Supply Chain Risk During Times of Turmoil with CSA

Watch our webinar on managing supply chain risk during times of turmoil.


Managing Supply Chain Risk During Times of Turmoil

In the webinar you will explore the current situation from the perspective of the hacker, monitoring and acting on vendor and supply chain risk and how to prioritize your actions to ensure business continuity during these times of turmoil and increased remote work.


Prioritizing Risk and Business Continuity During Times of Uncertainty

In this webinar learn how to prioritize risk and ensure business continuity during uncertain times.


[Security DNA] Cyber Insurance in the Era of Expanding Digital Risks

Listen to Alex Yampolskiy discuss with Anthony Dagostino, EVP Global Cyber for Lockton Companies on the cyber insurance underwriting market, how boards rate themselves on their cybersecurity posture and more.

Case Study

Virgin Pulse leverages SecurityScorecard to scale their VRM program

Kal Dhisna, VP, Information Security & SaaS Operations, at Virgin Pulse talks about how using SecurityScorecard has allowed him and his team to automate and scale many of the functions of Virgin Pulse's vendor risk management program.

Data Sheet

SecurityScorecard & RSA Archer® GRC Platform Integration

SecurityScorecard’s integrated solution with the RSA Archer® GRC platform enables you to scale and enhance your vendor risk management (VRM) with SecurityScorecard Ratings.

Case Study

Case Study: RMS

By utilizing the SecurityScorecard platform and products, RMS has made incremental and lasting improvements to their security program, and the security team saw significant time-savings for critical aspects of the security program.


2020 Democratic Presidential Candidates Get Smart to Cybersecurity Report

With the 2020 U.S. election on the horizon, SecurityScorecard wanted to know: How secure are the presidential candidates’ campaigns? Download the report.


Communicating Cybersecurity to the Board

Communication is critical in the battle against cybersecurity risks to today's business. Learn how to educate and influence the board to get budget buy-in.


QSnatch Technical Report

This report details a technical analysis of the malware, details of the discovery, a timeline of QSnatch’s history, and data and indicators of compromise (IoC) about the infected systems.


Addressing Brazil Lei Geral de Proteção de Dados (LGPD)

Learn how you can achieve, maintain and enable compliance with LGPD and other leading regulations and industry standards in your area.

Financial Case Study

Case Study: Modulr

By using SecurityScorecard, Modulr was also able to decrease operational costs, increase objectivity, reduce human error and more. Read the case study.

Media Case Study

Case Study: Horizon Media

Learn how Horizon Media used SecurityScorecard to make strategic changes to their IT infrastructure and increase cybersecurity hygiene.


Transformation of Cybersecurity Risk with CSA

The cyber landscape is continuing to evolve, and we're seeing digital trends continue to change. Digital technologies are accelerating the ability to do business, and really digitizing everything.

Healthcare Report

Data Security in Healthcare Needs Intensive Care

Despite stringent data security, compliance and reporting requirements, the healthcare industry continues to struggle with cybersecurity. Read our report.


Data Lifecycle Protection and Privacy

With privacy regulations brewing across the globe and consumers becoming more knowledgeable than ever about their privacy rights – can we now assume our personal data is now more secure than ever? Watch the video.


SecurityScorecard's Mission & The Importance of Cybersecurity Ratings

We take viewers through the journey of SecurityScorecard, what problems we are solving, and why it’s important.

Data Sheet

SecurityScorecard for PCI Compliance

Download our Data Sheet to learn how you can meet evolving PCI requirements by maturing your PCI DSS compliance.

Analyst Report

Gartner's Top 10 Security Projects for 2019 Report

In their latest report, Gartner—the world's leading information technology research and advisory company—examines the top security projects that security and risk management (SRM) leaders should focus on in 2019, including cybersecurity ratings!


Sam Kassoumeh Discusses New Feature Release: Custom Scorecard

SecurityScorecard is continuously working to deliver enhancements. We recently released a new feature, Custom Scorecard, as a part of the SecurityScorecard Ratings product. Users can now divide and score segments of their company (or a partner’s organization), including business lines, subsidiaries and organizational departments.


Assessing Exposure & Organizational Behavior to the BlueKeep Vulnerability

SecurityScorecard researchers have used this BlueKeep event as a way to study companies’, and organizations’ response to this vulnerability over time.​​ Learn more.


A Dive Into SecurityScorecard's Scoring Model, Risk Factors, and Data Collections

Take a dive into SecurityScorecard's scoring model, risk factors, and data collections from the likes of our data science and threat intelligence experts.


It's a Compliance World - New standards for global privacy requirements and regulations

Learn how the new standards for global privacy requirements and regulations have transformed over time. Download the webinar.


Trust & Transparency, Introducing SecurityScorecard's Trust Portal

CEO and Co-Founder, Alex Yampolskiy, speaks about the fundamental importance of trust and transparency in security ratings.


Simplifying Security: Breaking Down the World of Cyber Hygiene

Join SecurityScorecard and CyberHeroes as we take you through the importance of cyber hygiene in an animated webinar series that helps relate important cyber strategies to your favorite childhood superheroes!

White Paper

Continuous Oversight in the Cloud: How to Improve Cloud Security, Privacy and Compliance

This white paper advocates for continuous oversight of the wide variety of cloud services used by organizations—a set of distinct, but related, management and assurance practices that address critical emerging risk domains, including security, privacy and compliance.


Interview with Aleksandr Yampolskiy at HMG's CISO Executive Leadership Summit

Watch this interview with Aleksandr Yampolskiy at HMG's New York CISO Executive Leadership Summit

White Paper

Explanation of SecurityScorecard's Rating Data

This white paper provides detail on the active and passive collection methods and signal types that are in use by the SecurityScorecard solution.


Analysis of Cyber Risk Exposure for U.S. and European Political Parties Report

How are the political establishments responding to the threat of attack? And, are they prepared to effectively respond to an escalation in cyber activities? FInd out our findings in our report.


7 Key Elements to Building a Compliance Program

To remain solvent, companies need to mature their compliance programs to protect themselves from the financial, reputational, and operational risks associated with data breaches. This ebook covers seven key elements of building a compliance program.

Financial Report

2019 Payment Card Fraud & the Financial Crime Ecosystem Report

Cybercriminals continue to infiltrate payment card systems to obtain cardholder data. Despite the rigorous compliance requirements set out by the Payment Card Industry Security Standards Council (PCI SSC), merchants and vendors find themselves as prime targets. Download this report to see the most recent findings.

Data Sheet

Global Cyber Security Data Insights

Download this data sheet that outlines our global findings of the cybersecurity of companies in the financial industry, and see which region's results we deem to be concerning.


The 2019 Forrester Consulting Total Economic Impact™ Of SecurityScorecard Webinar

SecurityScorecard commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying SecurityScorecard’s Security Ratings Platform


Improve Security, Privacy and Compliance with Continuous Oversight with ISACA

Security programs must be aligned with privacy and compliance programs to ensure those areas of data protection compliance are appropriately met and monitored, and then actions based on maturity levels must be aligned with information assurance programs.

Analyst Report

The 2019 Forrester Consulting Total Economic Impact™ of SecurityScorecard Report

SecurityScorecard commissioned Forrester to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying SecurityScorecard’s Security Ratings Platform

Atlas Data Sheet

Atlas Overview

Learn how Atlas accelerates the due diligence exchange process by enabling organizations to manage, complete and review with ease in a central repository.


Measuring Cybersecurity through Behavioral Analytics - an Outside-In Approach

This webinar explains the state of cybersecurity in the modern world, and what best practices are for measuring it - differently. It discusses the importance of behavioral analytics, and how to make use of an “outside-in approach” when measuring cybersecurity.


2019 Healthcare Cyber Security Report

SecurityScorecard looked at over 26,000 healthcare companies in 2018-2019. Some struggles continue within the healthcare industry as companies fail to protect patient and organizational data.

Case Study

Case Study: Axcient

Learn how Axcient uses our cyber security ratings to review performance, ensure continuous monitoring and ongoing compliance. Read the case study.


Cybersecurity Impact Analysis of US Government Shutdown

SecurityScorecard developed this report to outline observable changes within the external security postures of US federal government entities during the period throughout the US Government Shutdown of 2018 - 2019.


2018 Education Cybersecurity Report

In 2018, SecurityScorecard analyzed 2,393 companies with a footprint of 100 IP addresses or more in the education industry. We found the following:


SecurityScorecard Named a Leader in The Forrester New Wave

We started this journey together in 2013. Since then, we have helped hundreds of companies improve the cybersecurity capabilities of their ecosystem. Today, we were named as a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 report.

Analyst Report

The Forrester New Wave™: 2018 Cybersecurity Risk Rating Solutions

SecurityScorecard Stands Out for its Core Cyber-Risk Rating Capabilities: Data Collection, Rating Efficacy & Transparency, Vendor Review & Collaboration


SecurityScorecard Vendor Risk Management Video

In this short video, I’ll provide a quick demo of how to use the SecurityScorecard security ratings platform to gain an outside-in hacker view of vendor security, and quickly assess and manage risk in your third-party ecosystem


Score Planner Feature Introduction

Your organization probably has security vulnerabilities it may need to fix, but you struggle to identify which vulnerabilities to prioritize. Additionally, you’ve been told your organization needs to maintain a certain security score within SecurityScorecard to meet your customer’s requirements. All this leads to the question, “How do I get there?”


Event Log Feature Introduction

With SecurityScorecard’s new Issue Level Event Log, we are increasing transparency associated with score changes and enabling you to quickly pinpoint the specific issues that impacted your score.


2018 ISACA Webinar Continuous Assurance Using Data Threat Modeling

Learn more about continuous assurance using data threat modeling and see what a hacker sees when assessing risk to data. Walk away with best practice recommendations on how to minimize risk to critical data.


2018 Retail Cybersecurity Report

SecurityScorecard analyzed 1444 domains in the retail industry over a recent six month period. The results display that although hackers have become increasingly clever with stealing credit card data, the retail industry is no better prepared to deal with the threat.

Data Sheet

Event Log Data Sheet

Gain transparent visibility into all score changes

Data Sheet

Next-Gen Cyber Security Scoring Data Sheet

Get a transparent view of cyber security risk

Data Sheet

Score Planner Data Sheet

Take control of your security rating and easily boost your score

White Paper

Next-Gen Scoring: A New Standard in Fair and Transparent Cybersecurity Ratings

​Security ratings can provide insights enabling better security when the companies creating the scores explain the algorithms so that businesses can understand how to use them meaningfully.


Take Control of Your Rating and Easily Boost Your Score with Score Planner

Transparent understanding of what issues to prioritize in order to improve your score is now a key component of the SecurityScorecard Platform!


Top 15 Chief Information Security Officers 2018

SecurityScorecard looked into the top 15 CISOs and the programs that have pushed their organizations forward in terms of cybersecurity; We ran an analysis looking at the security ratings of organizations over a six month period and identified which organizations improved those scores the most; whether overall or within a specific risk area.

White Paper

New Phorpiex/Trik Variant Poses Threat Through Remote Access

The newest Phorpiex/Trik variant has the ability to infect machines with ransomware by targeting desktops, laptops, and other endpoints running server-side remote access applications. With increasing numbers of companies offering remote-work options to their employees, many corporate endpoints may be running these applications.

White Paper

Insights into the Auditor’s Perspective

Internal audits lives at the intersection of cybersecurity and best practices while external audit protects organizations from regulatory penalties.

White Paper

The Legality of SecurityScorecard Data Collection

​SecurityScorecard delivers security ratings that empower enterprises to instantly and accurately monitor, assess and understand their own cybersecurity posture as well as the cyberhealth of all vendors and business partners in their ecosystems.

White Paper

Continuous Assurance Using Data Threat Modeling

ISACA & SecurityScorecard teamed up to write about continuous assurance using data threat modeling.

Financial Case Study

Case Study: Cadence Bank

Find out how SecurityScorecard helps Cadence Bank perform thorough security vendor risk assessments, and improves accountability. Learn more.

White Paper

The Business Case for Investing in a Security Ratings Platform

Many cyber breaches occur as a result of third-party vendor relationships and these types of attacks are on the rise. The cost factors associated with a breach can include data loss, operational downtime, incident recovery, shareholder and customer lawsuits, regulatory fines and reputational damage.

White Paper

What Financial Institutions Need To Know About Cybersecurity and Audit Controls

Industry reports draw attention to consistent financial audit outcomes from year to year. Learn what you need to know about cybersecurity and audit controls within financial industries.


GDPR enforcement is here. Are you ready?

The General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready?

White Paper

Cyber Insurance & Security Ratings

This whitepaper provides detail on how cyber insurance providers can use security ratings to assess cyber risk as part of issuing cyber liability insurance policies.

White Paper

Operationalizing SecurityScorecard in Your Vendor Risk Management Program

In this paper, we will review key areas to operationalize Vendor Risk Management with SecurityScorecard. This includes the vendor landscape, considerations when conducting the risk assessment as well as what to include in vendor contracts.


Forrester Webinar: Security Ratings Set the Standard

In this webinar, guest speaker Heidi Shey, Forrester Senior Analyst - Security and Risk, will discuss the study’s methodology and findings including that, “enterprises need robust platforms that can score and rate ecosystem risks to provide visibility into risks and help organizations improve their security posture more effectively.”

Analyst Report

The Expanding Role of Cyber Security Ratings

In its Top Recommendations For Your Security Program, 2018 report, Forrester Research reports that “New cyber risk ratings and increased senior executive scrutiny require you to prove your security practices are solid. Often, this means tightening your practices with third parties or suffering their fate if they fail.”

Analyst Report

Cyber Security Ratings Set the Standard - Forrester

In this Forrester report, commissioned by SecurityScorecard, Forrester found that, “Enterprises need robust platforms that can score and rate ecosystem risk to provide visibility into risks and help organizations improve their security posture more effectively.”

Ecosystem Risk Management Case Study

Case Study: Gunderson Dettmer

Learn how SecurityScorecard helped Gunderson Dettmer enhance their cyber security posture and maintain client confidence. Read the case study.

Ecosystem Risk Management White Paper

Calculating Total Risk Across Third-Party Portfolios

With cyber crime-related costs to hit $6 trillion annually by 2021 and continued high-profile breaches in news headlines, more and more organizations fear that one cyber-attack could suddenly put a stop to growth and profitability.


2018 Government Cyber Security Report

Government agencies must leverage cybersecurity best practice tools and technologies and tailor risk mitigation strategies to address the unique requirements of election security and integrity.

White Paper

Understanding Cyber Security Ratings

Security ratings grade your organization on how well it protects information. In a digital world, the importance of data and your company’s protection of that data parallels your income and protection of financial assets.

White Paper

Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites

Cryptocurrency is digital, decentralized currency. In the past, cybercriminals primarily just used cryptocurrency to receive money in an anonymized manner.

Ecosystem Risk Management White Paper

Preserving the Cyber Health of the Vendor Ecosystem

While there are a few steps that can be taken to validate a partner’s cyber readiness, they each have their weaknesses and drawbacks. We show you the primary shortcomings of common assessment techniques, using a real-time, machine learning-driven security platform, the value that a reconnaissance platform can provide, and insights from other companies.


Aravo: Cybersecurity & Vendor/Third-Party Risk: From Predictive Insight to Action

SecurityScorecard provides significant insight into the cyber risk associated with 100s and perhaps 1000s of vendors with trusted access. Without SecurityScorecard, organizations have no idea how susceptible third-parties make them to risk of breach. Without SecurityScorecard, continuous monitoring of vendors' security postures was mere fantasy.

Ecosystem Risk Management White Paper

NIST SP 800-171

NIST SP 800-171 required government contractors to provide “adequate security” to protect protect “controlled but unclassified information” (CUI) by December 31, 2017. While its main objective is to drive better cyber controls to protect CUI in non-federal systems and organizations, navigating the standard requires some understanding of its structure.

White Paper

How Security Ratings Improve Risk Awareness While Delivering a Solid ROI

Combatting cyber security risk is already a difficult challenge given the dynamic cyber security risk landscape and evolving sophistication of cyber attacks. Without visibility into internal and external risk, this battle becomes harder. Organizations lacking awareness of the risks posed to their data are left struggling to find the best steps forward.

Analyst Report

Analyst Insights Bundle

Security Ratings solutions are coming of age and rapidly becoming indispensable for combatting internal and external cybersecurity risk. Analysts are increasingly making the case for investment in security ratings services for a variety of applications.


Webinar: Where Do Cyber Risks and GDPR Compliance Meet?

Learn more about how cyber-risks can translate into non-compliance with laws and regulations. With its global impact, GDPR has been selected as the area of focus for this session. Fouad Khalil, Head of Compliance at SecurityScorecard, will go into how GDPR's mandates map to vulnerabilities, technical controls, and requirements for cybersecurity posture.


GDPR Penalties

Watch this session with Mike Resseler, Veeam Product Management Director, as he discusses: insights and five key lessons that we learned through our own compliance to help you on the path to thinking about GDPR compliance, how to accelerate your GDPR efforts today, existing data management strategies and tactics for efficient IT assessment and more.

Healthcare White Paper

HIPAA Compliance: Risk Analysis & Mitigation Strategies

The Health Insurance Portability and Accountability Act (HIPAA) prompted the HHS to issue the rules on the specific areas of HIPAA. These rules define uniform standards for transferring health information among healthcare providers, health plans, and clearinghouses while securing health information and ensuring patient privacy and confidentiality.

White Paper

Transforming Insights into Cyber Resilience via Technology Integration

Enterprises struggle with the increasingly difficult mandate to consistently improve, maintain, and document cybersecurity in order to protect brand reputation, customer trust, and the bottom line. Top of mind on the cyber security agenda is adopting a more agile approach to managing emerging risks across an organization’s third-party portfolio.

White Paper

The Cost of Complacent Cyber Security

Ever wish you could just give in to despair and stop worrying about imminent security threats and let your network operate on cruise control? It’s a tempting thought given the escalating number of threats and the challenges involved in prioritizing them in terms of business risk cost and time to remediate.


2018 Healthcare Cyber Security Report

Looking at more than 1200 healthcare companies from July to the end of 2017, SecurityScorecard’s research team analyzed information such as issue severity, industry-defined risk level, corporate peer performance, and more.

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!