Discover Research & Insights

Video

SecurityScorecard Named a Leader in The Forrester New Wave

We started this journey together in 2013. Since then, we have helped hundreds of companies improve the cybersecurity capabilities of their ecosystem. Today, we were named as a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 report.

Analyst Report

The Forrester New Wave™: 2018 Cybersecurity Risk Rating Solutions

SecurityScorecard Stands Out for its Core Cyber-Risk Rating Capabilities: Data Collection, Rating Efficacy & Transparency, Vendor Review & Collaboration

Video

SecurityScorecard Vendor Risk Management Video

In this short video, I’ll provide a quick demo of how to use the SecurityScorecard security ratings platform to gain an outside-in hacker view of vendor security, and quickly assess and manage risk in your third-party ecosystem.

Video

Score Planner Feature Introduction

Your organization probably has security vulnerabilities it may need to fix, but you struggle to identify which vulnerabilities to prioritize. Additionally, you’ve been told your organization needs to maintain a certain security score within SecurityScorecard to meet your customer’s requirements. All this leads to the question, “How do I get there?”

Video

Event Log Feature Introduction

With SecurityScorecard’s new Issue Level Event Log, we are increasing transparency associated with score changes and enabling you to quickly pinpoint the specific issues that impacted your score.

Webinar

2018 ISACA Webinar Continuous Assurance Using Data Threat Modeling [Recording]

Learn more about continuous assurance using data threat modeling and see what a hacker sees when assessing risk to data. Walk away with best practice recommendations on how to minimize risk to critical data.

Report

2018 Retail Cybersecurity Report

SecurityScorecard analyzed 1444 domains in the retail industry over a recent six-month period. The results show that although hackers have become increasingly clever at stealing credit card data, the retail industry is no better prepared to deal with the threat.

Data Sheet

Event Log Data Sheet

Gain transparent visibility into all score changes

Data Sheet

Next-Gen Scoring Data Sheet

Get a transparent view of cybersecurity risk

Data Sheet

Score Planner Data Sheet

Take control of your security rating and easily boost your score

Webinar

Take Control of Your Rating and Easily Boost Your Score with Score Planner [Recording]

Transparent understanding of what issues to prioritize in order to improve your score is now a key component of the SecurityScorecard Platform!

Report

Top 15 Chief Information Security Officers 2018

SecurityScorecard looked into the top 15 CISOs and the programs that have pushed their organizations forward in terms of cybersecurity. We ran an analysis looking at the security ratings of organizations over a six-month period and identified which organizations improved those scores the most, whether overall or within a specific risk area.

White Paper

New Phorpiex/Trik Variant Poses Threat Through Remote Access

The newest Phorpiex/Trik variant has the ability to infect machines with ransomware by targeting desktops, laptops, and other endpoints running server-side remote access applications. With increasing numbers of companies offering remote-work options to their employees, many corporate endpoints may be running these applications.

White Paper

Insights into the Auditor’s Perspective

Internal audit lives at the intersection of cybersecurity and best practices, while external audit protects organizations from regulatory penalties.

White Paper

The Legality of SecurityScorecard Data Collection

SecurityScorecard delivers security ratings that empower enterprises to instantly and accurately monitor, assess and understand their own cybersecurity posture as well as the cyberhealth of all vendors and business partners in their ecosystems.

White Paper

Continuous Assurance Using Data Threat Modeling

ISACA & SecurityScorecard teamed up to write about continuous assurance using data threat modeling.

Financial Case Study

Case Study: Cadence Bank

Cadence Bank Technology Risk and Compliance team has been able to perform a much more thorough review of each vendor and improved their vendor accountability.

White Paper

The Business Case for Investing in a Security Ratings Platform

Many cyber breaches occur as a result of third-party vendor relationships and these types of attacks are on the rise. The cost factors associated with a breach can include data loss, operational downtime, incident recovery, shareholder and customer lawsuits, regulatory fines and reputational damage.

White Paper

What Financial Institutions Need To Know About Cybersecurity and Audit Controls

Industry reports draw attention to consistent financial audit outcomes from year to year. Learn what you need to know about cybersecurity and audit controls within financial industries.

Webinar

GDPR enforcement is here. Are you ready? [Recording]

The General Data Protection Regulation (GDPR) tidal wave has hit. Are you ready?

White Paper

Cyber Insurance & Security Ratings

This whitepaper provides detail on how cyber insurance providers can use security ratings to assess cyber risk as part of issuing cyber liability insurance policies.

White Paper

Operationalizing SecurityScorecard in Your Vendor Risk Management Program

In this paper, we will review key areas to operationalize Vendor Risk Management with SecurityScorecard. This includes the vendor landscape, considerations when conducting the risk assessment as well as what to include in vendor contracts.

Webinar

Forrester Webinar: Security Ratings Set the Standard [Recording]

In this webinar, guest speaker Heidi Shey, Forrester Senior Analyst - Security and Risk, will discuss the study’s methodology and findings including that, “enterprises need robust platforms that can score and rate ecosystem risks to provide visibility into risks and help organizations improve their security posture more effectively.”

Analyst Report

The Expanding Role of Security Ratings

In its Top Recommendations For Your Security Program, 2018 report, Forrester Research reports that “New cyber risk ratings and increased senior executive scrutiny require you to prove your security practices are solid. Often, this means tightening your practices with third parties or suffering their fate if they fail.”

Analyst Report

Security Ratings Set the Standard - Forrester

In this Forrester report, commissioned by SecurityScorecard, Forrester found that, “Enterprises need robust platforms that can score and rate ecosystem risk to provide visibility into risks and help organizations improve their security posture more effectively.”

Ecosystem Risk Management Case Study

Gunderson Dettmer Case Study

Gunderson Dettmer, an international business law firm, provides advisory and legal services to more than 2,500 high-growth and emerging technology and life sciences companies, from startup to maturity.

Ecosystem Risk Management White Paper

Calculating Total Risk Across Third-Party Portfolios

With cyber crime-related costs to hit $6 trillion annually by 2021 and continued high-profile breaches in news headlines, more and more organizations fear that one cyber-attack could suddenly put a stop to growth and profitability.

Report

2018 Government Cybersecurity Report

Government agencies must leverage cybersecurity best practice tools and technologies and tailor risk mitigation strategies to address the unique requirements of election security and integrity.

White Paper

Understanding Security Ratings

Security ratings grade your organization on how well it protects information. In a digital world, the importance of data and your company’s protection of that data parallels your income and protection of financial assets.

White Paper

Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites

Cryptocurrency is digital, decentralized currency. In the past, cybercriminals primarily just used cryptocurrency to receive money in an anonymized manner.

Ecosystem Risk Management White Paper

Preserving the Cyber Health of the Vendor Ecosystem

While there are a few steps that can be taken to validate a partner’s cyber readiness, they each have their weaknesses and drawbacks. We show you the primary shortcomings of common assessment techniques, using a real-time, machine learning-driven security platform, the value that a reconnaissance platform can provide, and insights from other companies.

Webinar

Aravo: Cybersecurity & Vendor/Third-Party Risk: From Predictive Insight to Action [Recording]

SecurityScorecard provides significant insight into the cyber risk associated with 100s and perhaps 1000s of vendors with trusted access. Without SecurityScorecard, organizations have no idea how susceptible third-parties make them to risk of breach. Without SecurityScorecard, continuous monitoring of vendors' security postures was mere fantasy.

Ecosystem Risk Management White Paper

NIST SP 800-171

NIST SP 800-171 required government contractors to provide “adequate security” to protect “controlled but unclassified information” (CUI) by December 31, 2017. While its main objective is to drive better cyber controls to protect CUI in non-federal systems and organizations, navigating the standard requires some understanding of its structure.

White Paper

How Security Ratings Improve Risk Awareness While Delivering a Solid ROI

Combatting cybersecurity risk is already a difficult challenge given the dynamic cybersecurity risk landscape and evolving sophistication of cyber attacks. Without visibility into internal and external risk, this battle becomes harder. Organizations lacking awareness of the risks posed to their data are left struggling to find the best steps forward.

Webinar

ISACA & SecurityScorecard Webinar: Where Do Cyber Risks and GDPR Compliance Meet? [Recording]

Learn more about how cyber-risks can translate into non-compliance with laws and regulations. With its global impact, GDPR has been selected as the area of focus for this session. Fouad Khalil, Head of Compliance at SecurityScorecard, will go into how GDPR's mandates map to vulnerabilities, technical controls, and requirements for cybersecurity posture.

Webinar

GDPR Penalties [Recording]

Watch this session with Mike Resseler, Veeam Product Management Director, as he discusses: insights and five key lessons that we learned through our own compliance to help you on the path to thinking about GDPR compliance, how to accelerate your GDPR efforts today, existing data management strategies and tactics for efficient IT assessment and more.

Healthcare White Paper

HIPAA Compliance: Risk Analysis & Mitigation Strategies

The Health Insurance Portability and Accountability Act (HIPAA) prompted the HHS to issue the rules on the specific areas of HIPAA. These rules define uniform standards for transferring health information among healthcare providers, health plans, and clearinghouses while securing health information and ensuring patient privacy and confidentiality.

White Paper

Transforming Insights into Cyber Resilience via Technology Integration

Enterprises struggle with the increasingly difficult mandate to consistently improve, maintain, and document cybersecurity in order to protect brand reputation, customer trust, and the bottom line. Top of mind on the cybersecurity agenda is adopting a more agile approach to managing emerging risks across an organization’s third-party portfolio.

White Paper

The Cost of Complacent Cybersecurity

Ever wish you could just give in to despair and stop worrying about imminent security threats and let your network operate on cruise control? It’s a tempting thought given the escalating number of threats and the challenges involved in prioritizing them in terms of business risk cost and time to remediate.

Report

2018 Healthcare Cybersecurity Report

Looking at more than 1200 healthcare companies from July to the end of 2017, SecurityScorecard’s research team analyzed information such as issue severity, industry-defined risk level, corporate peer performance, and more.

Webinar

Translating Security into the Language of Business [Recording]

The security industry needs to learn the language of business. As we see the convergence of information technology, operational technology, and the human element, we need to converge on a taxonomy that allows us to speak in terms of impact and dollars and cents.

White Paper

The Cost of Doing Nothing

The European Union's (EU) General Data Protection Regulation (GDPR), effective May 25, 2018, reaches far beyond the Continent's borders. GDPR impacts every organization that handles EU resident personal data in order to deliver products or services. Non-compliance with GDPR will yield hefty fines up to 20 million euros.

White Paper

Enable Your Organization’s GDPR Compliance

With the never-ending cycle of new and updated security and privacy regulations and standards, we at SecurityScorecard are continuously monitoring and preparing for impacts of what is sure to be a compliance-heavy tidal wave in 2018. Download now to learn some of the key requirements and controls worth noting.

Report

2018 Big 500 Index Report

With cyber crime-related costs set to hit $6 trillion annually by 2021, according to Cybersecurity Ventures, and continued high-profile breaches in news headlines, more organizations fear that one cyber-attack can suddenly put a stop to the growth and profitability of the company, and leading enterprises, like those similar to the S&P 500, are no exception.

Healthcare Case Study

Greenville Health System

With sophisticated cyber-attacks on the rise and healthcare clinicians’ increasing reliance on vulnerable mobile and IoT medical devices, GHS understood the urgency to accelerate its efforts to self-assess cyber risk within its own infrastructure and improve security posture across its partner ecosystem.

Webinar

Forrester Webinar Recording: Security Ratings - A Mission Critical Tool for Vendor Risk Managers and Beyond [Recording]

While not yet a silver bullet, security ratings are emerging as a necessary tool in the vendor risk management armamentarium that can significantly reduce risk in your IT ecosystem, including both third-party and fourth-party risk.

White Paper

Scoring Methodology

SecurityScorecard grades the cybersecurity health of organizations based on the information collected by ThreatMarket, our proprietary data engine, as well as our own internal collection activities. ThreatMarket collects information from several sources like data feeds, sensors, honeypots, and sinkholes.

Report

2017 Retail Cybersecurity Report

With the Holiday season upon us, SecurityScorecard analyzed 1924 companies in the retail industry from January to October of this year, looking at this industry as compared to other major U.S. industries and at the cybersecurity indicators of the best and worst cybersecurity performers.

Case Study

Case Study: Healthcare

As a company in the healthcare space, this corporation is subject to HIPAA regulations and must ensure that personal health information (PHI) is secured with the appropriate physical and electronic safeguards.

Report

2017 IoT Cybersecurity Research Report

SecurityScorecard identified 34,062 IPv4 addresses on the public internet which all display the symptoms expected from an embedded device infected with Mirai IoT malware.

Healthcare Case Study

Case Study: Children’s Hospital of Minnesota

Children’s Hospital of Minnesota is one of the largest independent pediatric health systems in the United States, with two hospitals, twelve primary care clinics, six rehabilitation and nine specialty care sites. Children’s Minnesota is subject to HIPAA regulations and must ensure that personal health information (PHI) is secured.

White Paper

Preparing for GDPR

The European Union’s (EU) General Data Protection Regulation (GDPR), effective May 25, 2018, reaches far beyond the Continent’s borders. GDPR imposes legislation on every organization that handles EU citizen data in order to deliver products or services. Inability to demonstrate compliance with GDPR will yield hefty penalties of 20+ million euros.

Report

The Guide to Building Your Vendor Risk Management Program

Tackling the problem of vendor risk is not made any easier with technology solutions being added by the day. Current vendor risk management processes are not equipped to handle the growing demand of security risk assessments for new and existing third-parties. Learn how you can improve your vendor risk management program to handle the modern risk.

Webinar

IAPP Webinar: Vendor Management — Assuring Data Privacy and Security Compliance [Recording]

The personal and sensitive data your organization manages is only as safe as the weakest link in your supply chain. Organizational obligations regarding data privacy and security exist not only for the primary data handler but also for its third-party service providers.

Video

The U.S. Cybersecurity Landscape

SecurityScorecard CEO Aleksandr Yampolskiy discusses how U.S. companies can protect against cyber attacks.

Video

Cyber-Hunting for Extremists

As extremist organizations use the internet to spread propaganda and recruit, government agencies develop new techniques to hunt them.

Webinar

RSA Archer and SecurityScorecard Present: Managing Third Party Risk Using Security Ratings [Recording]

Third-party suppliers and partners are continuing to become a critical part of an organization’s extended enterprise; they provide many valuable business services, including billing, records management, cloud storage, and OEM. But the increase in third-party relationships also creates additional challenges for today’s risk management processes.

Video

Tech Zone with Paul Amadeus Lane- Ep. #23 Pt 1- HealthCare Industry Cybersecurity Report

2016 Healthcare Industry Cybersecurity Report - a comprehensive analysis exposing alarming cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.

Video

Tips to Avoid Fraud: Online Shopping for the Holidays

It's safe to say most of you are shopping online this year, but with news of breaches and hackers, how safe is your information when shopping online? Sam Kassoumeh, COO and Co-founder of SecurityScorecard, says there are some things to keep in mind to avoid credit card fraud and email spoofing from even the largest online retailers.

Financial Case Study

Case Study: Farm Credit

Farm Credit Mid-America is one of the largest agricultural lending cooperatives within the U.S. Farm Credit System, with 1,100 employees and more than 100,000 customers. We spoke to Chief Security Officer and Assistant Vice President of Database Systems Mike Everett about how Farm Credit operationalizes SecurityScorecard.

Financial Case Study

Case Study: Liquidnet

Liquidnet is the global institutional trading network where the world’s top asset managers, managing over 15 trillion dollars in assets, come to execute their large equity trades. Protecting sensitive information is one of Liquidnet’s top priorities, so if an issue compromises their security, it is a potentially business-ending event.

Tool

Instant SecurityScorecard

Instant SecurityScorecard provides a free, limited summary view into the security posture of your organization that can be accessed every 30 days. It does not reflect or provide access to the SecurityScorecard platform.

Case Study

Case Study: TriNet

TriNet has been a cloud-based human resources solutions provider since 1988. With 300,000 users and 10,000 clients, they needed a simple solution that would continuously monitor the security posture of their third-party vendors, the overwhelming majority of which are in the cloud.

Tool

Malware Grader

Malware Grader is a free tool that enables security professionals to monitor malware emanating from their infrastructure that is publicly viewable. The tool provides a weekly summary that lists all malware detected within the last 30 days by IP address, last detection date, first detection date, and the malware family it belongs to.

Healthcare Case Study

Case Study: Healthwise

Healthwise is a global provider of consumer health content and patient education for the top health plans, care management companies, hospitals and consumer health portals. It is a non-profit organization that has been in operation for more than 40 years.

Video

Hacking Higher Education

While college students hit the books, hackers are stealing their private information. Universities are the third most-hacked industry behind healthcare and retail. Reuters explores the cyber threat across America’s academic landscape.

Report

2017 Financial Industry Cybersecurity Research Report

SecurityScorecard analyzed and evaluated the security posture of nearly 3,000 financial institutions to find existing vulnerabilities within banks, investment firms, and other financial organizations to determine the cybersecurity performance of the financial sector.
