Cybersecurity Research & Insights

Explore our cybersecurity white papers, data sheets, webinars, videos and more.


Addressing Brazil Lei Geral de Proteção de Dados (LGPD)

Learn how you can achieve, maintain and enable compliance with LGPD and other leading regulations and industry standards in your area.

Financial Case Study

Case Study: Modulr

By using SecurityScorecard, Modulr was also able to decrease operational costs, increase objectivity, reduce human error and more. Read the case study.

Media Case Study

Case Study: Horizon Media

Learn how Horizon Media used SecurityScorecard to make strategic changes to their IT infrastructure and increase cybersecurity hygiene.

On-Demand Webinar

Transformation of Cybersecurity Risk with CSA

The cyber landscape is continuing to evolve, and we're seeing digital trends continue to change. Digital technologies are accelerating the ability to do business, and really digitizing everything.

Healthcare Report

Data Security in Healthcare Needs Intensive Care

Despite stringent data security, compliance and reporting requirements, the healthcare industry continues to struggle with cybersecurity. Read our report.


Data Lifecycle Protection and Privacy

With privacy regulations brewing across the globe and consumers becoming more knowledgeable than ever about their privacy rights – can we now assume our personal data is now more secure than ever? Watch the video.

On-Demand Webinar

SecurityScorecard's Mission & The Importance of Cybersecurity Ratings

We take viewers through the journey of SecurityScorecard, what problems we are solving, and why it’s important.

Data Sheet

SecurityScorecard for PCI Compliance

Download our Data Sheet to learn how you can meet evolving PCI requirements by maturing your PCI DSS compliance.

Analyst Report

Gartner's Top 10 Security Projects for 2019 Report

In their latest report, Gartner—the world's leading information technology research and advisory company—examines the top security projects that security and risk management (SRM) leaders should focus on in 2019, including cybersecurity ratings!


Sam Kassoumeh Discusses New Feature Release: Custom Scorecard

SecurityScorecard is continuously working to deliver enhancements. We recently released a new feature, Custom Scorecard, as a part of the SecurityScorecard Ratings product. Users can now divide and score segments of their company (or a partner’s organization), including business lines, subsidiaries and organizational departments.


Assessing Exposure & Organizational Behavior to the BlueKeep Vulnerability

SecurityScorecard researchers have used this BlueKeep event as a way to study companies’, and organizations’ response to this vulnerability over time.​​ Learn more.

On-Demand Webinar

A Dive Into SecurityScorecard's Scoring Model, Risk Factors, and Data Collections

Take a dive into SecurityScorecard's scoring model, risk factors, and data collections from the likes of our data science and threat intelligence experts.

On-Demand Webinar

It's a Compliance World - New standards for global privacy requirements and regulations

Learn how the new standards for global privacy requirements and regulations have transformed over time. Download the webinar.


Trust & Transparency, Introducing SecurityScorecard's Trust Portal

CEO and Co-Founder, Alex Yampolskiy, speaks about the fundamental importance of trust and transparency in security ratings.

On-Demand Webinar

Simplifying Security: Breaking Down the World of Cyber Hygiene

Join SecurityScorecard and CyberHeroes as we take you through the importance of cyber hygiene in an animated webinar series that helps relate important cyber strategies to your favorite childhood superheroes!

White Paper

Continuous Oversight in the Cloud: How to Improve Cloud Security, Privacy and Compliance

This white paper advocates for continuous oversight of the wide variety of cloud services used by organizations—a set of distinct, but related, management and assurance practices that address critical emerging risk domains, including security, privacy and compliance.


Interview with Aleksandr Yampolskiy at HMG's CISO Executive Leadership Summit

Watch this interview with Aleksandr Yampolskiy at HMG's New York CISO Executive Leadership Summit

White Paper

Explanation of SecurityScorecard's Rating Data

This white paper provides detail on the active and passive collection methods and signal types that are in use by the SecurityScorecard solution.


Analysis of Cyber Risk Exposure for U.S. and European Political Parties Report

How are the political establishments responding to the threat of attack? And, are they prepared to effectively respond to an escalation in cyber activities? FInd out our findings in our report.


7 Key Elements to Building a Compliance Program

To remain solvent, companies need to mature their compliance programs to protect themselves from the financial, reputational, and operational risks associated with data breaches. This ebook covers seven key elements of building a compliance program.

Financial Report

2019 Payment Card Fraud & the Financial Crime Ecosystem Report

Cybercriminals continue to infiltrate payment card systems to obtain cardholder data. Despite the rigorous compliance requirements set out by the Payment Card Industry Security Standards Council (PCI SSC), merchants and vendors find themselves as prime targets. Download this report to see the most recent findings.

Data Sheet

Global Cyber Security Data Insights

Download this data sheet that outlines our global findings of the cybersecurity of companies in the financial industry, and see which region's results we deem to be concerning.

On-Demand Webinar

The 2019 Forrester Consulting Total Economic Impact™ Of SecurityScorecard Webinar

SecurityScorecard commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying SecurityScorecard’s Security Ratings Platform

On-Demand Webinar

Improve Security, Privacy and Compliance with Continuous Oversight with ISACA

Security programs must be aligned with privacy and compliance programs to ensure those areas of data protection compliance are appropriately met and monitored, and then actions based on maturity levels must be aligned with information assurance programs.

Analyst Report

The 2019 Forrester Consulting Total Economic Impact™ of SecurityScorecard Report

SecurityScorecard commissioned Forrester to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying SecurityScorecard’s Security Ratings Platform

On-Demand Webinar

Third Party Risk Management - Best Practices and Tips featuring Verterim

Third Party Risk Management processes are evolving at a rapid pace, and the need to balance efficiency, compliance, and risk is challenging teams more than ever. Join this webinar with Verterim to learn more about TPRM, and its importance for the future of security.

Atlas Data Sheet

Atlas Overview

Learn how Atlas accelerates the due diligence exchange process by enabling organizations to manage, complete and review with ease in a central repository.

On-Demand Webinar

Security Score is the New Credit Score with Axcient

Join Axcient Chief Security and Compliance Officer, Joshua Foltz alongside the SecurityScorecard team to discover how Axcient dramatically outperformed the competition, commanding an industry-leading ‘A’ rating.

On-Demand Webinar

Measuring Cybersecurity through Behavioral Analytics - an Outside-In Approach

This webinar explains the state of cybersecurity in the modern world, and what best practices are for measuring it - differently. It discusses the importance of behavioral analytics, and how to make use of an “outside-in approach” when measuring cybersecurity.


2019 Healthcare Cyber Security Report

SecurityScorecard looked at over 26,000 healthcare companies in 2018-2019. Some struggles continue within the healthcare industry as companies fail to protect patient and organizational data.

Case Study

Case Study: Axcient

Learn how Axcient uses our cyber security ratings to review performance, ensure continuous monitoring and ongoing compliance. Read the case study.


Cybersecurity Impact Analysis of US Government Shutdown

SecurityScorecard developed this report to outline observable changes within the external security postures of US federal government entities during the period throughout the US Government Shutdown of 2018 - 2019.


2018 Education Cybersecurity Report

In 2018, SecurityScorecard analyzed 2,393 companies with a footprint of 100 IP addresses or more in the education industry. We found the following:


SecurityScorecard Named a Leader in The Forrester New Wave

We started this journey together in 2013. Since then, we have helped hundreds of companies improve the cybersecurity capabilities of their ecosystem. Today, we were named as a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 report.

Analyst Report

The Forrester New Wave™: 2018 Cybersecurity Risk Rating Solutions

SecurityScorecard Stands Out for its Core Cyber-Risk Rating Capabilities: Data Collection, Rating Efficacy & Transparency, Vendor Review & Collaboration


SecurityScorecard Vendor Risk Management Video

In this short video, I’ll provide a quick demo of how to use the SecurityScorecard security ratings platform to gain an outside-in hacker view of vendor security, and quickly assess and manage risk in your third-party ecosystem


Score Planner Feature Introduction

Your organization probably has security vulnerabilities it may need to fix, but you struggle to identify which vulnerabilities to prioritize. Additionally, you’ve been told your organization needs to maintain a certain security score within SecurityScorecard to meet your customer’s requirements. All this leads to the question, “How do I get there?”


Event Log Feature Introduction

With SecurityScorecard’s new Issue Level Event Log, we are increasing transparency associated with score changes and enabling you to quickly pinpoint the specific issues that impacted your score.

On-Demand Webinar

2018 ISACA Webinar Continuous Assurance Using Data Threat Modeling

Learn more about continuous assurance using data threat modeling and see what a hacker sees when assessing risk to data. Walk away with best practice recommendations on how to minimize risk to critical data.


2018 Retail Cybersecurity Report

SecurityScorecard analyzed 1444 domains in the retail industry over a recent six month period. The results display that although hackers have become increasingly clever with stealing credit card data, the retail industry is no better prepared to deal with the threat.

Data Sheet

Event Log Data Sheet

Gain transparent visibility into all score changes

Data Sheet

Next-Gen Cyber Security Scoring Data Sheet

Get a transparent view of cyber security risk

Data Sheet

Score Planner Data Sheet

Take control of your security rating and easily boost your score

On-Demand Webinar

Take Control of Your Rating and Easily Boost Your Score with Score Planner

Transparent understanding of what issues to prioritize in order to improve your score is now a key component of the SecurityScorecard Platform!


Top 15 Chief Information Security Officers 2018

SecurityScorecard looked into the top 15 CISOs and the programs that have pushed their organizations forward in terms of cybersecurity; We ran an analysis looking at the security ratings of organizations over a six month period and identified which organizations improved those scores the most; whether overall or within a specific risk area.

White Paper

New Phorpiex/Trik Variant Poses Threat Through Remote Access

The newest Phorpiex/Trik variant has the ability to infect machines with ransomware by targeting desktops, laptops, and other endpoints running server-side remote access applications. With increasing numbers of companies offering remote-work options to their employees, many corporate endpoints may be running these applications.

White Paper

Insights into the Auditor’s Perspective

Internal audits lives at the intersection of cybersecurity and best practices while external audit protects organizations from regulatory penalties.

White Paper

The Legality of SecurityScorecard Data Collection

​SecurityScorecard delivers security ratings that empower enterprises to instantly and accurately monitor, assess and understand their own cybersecurity posture as well as the cyberhealth of all vendors and business partners in their ecosystems.

White Paper

Continuous Assurance Using Data Threat Modeling

ISACA & SecurityScorecard teamed up to write about continuous assurance using data threat modeling.

Financial Case Study

Case Study: Cadence Bank

Find out how SecurityScorecard helps Cadence Bank perform thorough security vendor risk assessments, and improves accountability. Learn more.

White Paper

The Business Case for Investing in a Security Ratings Platform

Many cyber breaches occur as a result of third-party vendor relationships and these types of attacks are on the rise. The cost factors associated with a breach can include data loss, operational downtime, incident recovery, shareholder and customer lawsuits, regulatory fines and reputational damage.

White Paper

What Financial Institutions Need To Know About Cybersecurity and Audit Controls

Industry reports draw attention to consistent financial audit outcomes from year to year. Learn what you need to know about cybersecurity and audit controls within financial industries.

On-Demand Webinar

GDPR enforcement is here. Are you ready?

The General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready?

White Paper

Cyber Insurance & Security Ratings

This whitepaper provides detail on how cyber insurance providers can use security ratings to assess cyber risk as part of issuing cyber liability insurance policies.

White Paper

Operationalizing SecurityScorecard in Your Vendor Risk Management Program

In this paper, we will review key areas to operationalize Vendor Risk Management with SecurityScorecard. This includes the vendor landscape, considerations when conducting the risk assessment as well as what to include in vendor contracts.

On-Demand Webinar

Forrester Webinar: Security Ratings Set the Standard

In this webinar, guest speaker Heidi Shey, Forrester Senior Analyst - Security and Risk, will discuss the study’s methodology and findings including that, “enterprises need robust platforms that can score and rate ecosystem risks to provide visibility into risks and help organizations improve their security posture more effectively.”

Analyst Report

The Expanding Role of Cyber Security Ratings

In its Top Recommendations For Your Security Program, 2018 report, Forrester Research reports that “New cyber risk ratings and increased senior executive scrutiny require you to prove your security practices are solid. Often, this means tightening your practices with third parties or suffering their fate if they fail.”

Analyst Report

Cyber Security Ratings Set the Standard - Forrester

In this Forrester report, commissioned by SecurityScorecard, Forrester found that, “Enterprises need robust platforms that can score and rate ecosystem risk to provide visibility into risks and help organizations improve their security posture more effectively.”

Ecosystem Risk Management Case Study

Case Study: Gunderson Dettmer

Learn how SecurityScorecard helped Gunderson Dettmer enhance their cyber security posture and maintain client confidence. Read the case study.

Ecosystem Risk Management White Paper

Calculating Total Risk Across Third-Party Portfolios

With cyber crime-related costs to hit $6 trillion annually by 2021 and continued high-profile breaches in news headlines, more and more organizations fear that one cyber-attack could suddenly put a stop to growth and profitability.


2018 Government Cyber Security Report

Government agencies must leverage cybersecurity best practice tools and technologies and tailor risk mitigation strategies to address the unique requirements of election security and integrity.

White Paper

Understanding Cyber Security Ratings

Security ratings grade your organization on how well it protects information. In a digital world, the importance of data and your company’s protection of that data parallels your income and protection of financial assets.

White Paper

Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites

Cryptocurrency is digital, decentralized currency. In the past, cybercriminals primarily just used cryptocurrency to receive money in an anonymized manner.

Ecosystem Risk Management White Paper

Preserving the Cyber Health of the Vendor Ecosystem

While there are a few steps that can be taken to validate a partner’s cyber readiness, they each have their weaknesses and drawbacks. We show you the primary shortcomings of common assessment techniques, using a real-time, machine learning-driven security platform, the value that a reconnaissance platform can provide, and insights from other companies.

On-Demand Webinar

Aravo: Cybersecurity & Vendor/Third-Party Risk: From Predictive Insight to Action

SecurityScorecard provides significant insight into the cyber risk associated with 100s and perhaps 1000s of vendors with trusted access. Without SecurityScorecard, organizations have no idea how susceptible third-parties make them to risk of breach. Without SecurityScorecard, continuous monitoring of vendors' security postures was mere fantasy.

Ecosystem Risk Management White Paper

NIST SP 800-171

NIST SP 800-171 required government contractors to provide “adequate security” to protect protect “controlled but unclassified information” (CUI) by December 31, 2017. While its main objective is to drive better cyber controls to protect CUI in non-federal systems and organizations, navigating the standard requires some understanding of its structure.

White Paper

How Security Ratings Improve Risk Awareness While Delivering a Solid ROI

Combatting cyber security risk is already a difficult challenge given the dynamic cyber security risk landscape and evolving sophistication of cyber attacks. Without visibility into internal and external risk, this battle becomes harder. Organizations lacking awareness of the risks posed to their data are left struggling to find the best steps forward.

Analyst Report

Analyst Insights Bundle

Security Ratings solutions are coming of age and rapidly becoming indispensable for combatting internal and external cybersecurity risk. Analysts are increasingly making the case for investment in security ratings services for a variety of applications.

On-Demand Webinar

Webinar: Where Do Cyber Risks and GDPR Compliance Meet?

Learn more about how cyber-risks can translate into non-compliance with laws and regulations. With its global impact, GDPR has been selected as the area of focus for this session. Fouad Khalil, Head of Compliance at SecurityScorecard, will go into how GDPR's mandates map to vulnerabilities, technical controls, and requirements for cybersecurity posture.

On-Demand Webinar

GDPR Penalties

Watch this session with Mike Resseler, Veeam Product Management Director, as he discusses: insights and five key lessons that we learned through our own compliance to help you on the path to thinking about GDPR compliance, how to accelerate your GDPR efforts today, existing data management strategies and tactics for efficient IT assessment and more.

Healthcare White Paper

HIPAA Compliance: Risk Analysis & Mitigation Strategies

The Health Insurance Portability and Accountability Act (HIPAA) prompted the HHS to issue the rules on the specific areas of HIPAA. These rules define uniform standards for transferring health information among healthcare providers, health plans, and clearinghouses while securing health information and ensuring patient privacy and confidentiality.

White Paper

Transforming Insights into Cyber Resilience via Technology Integration

Enterprises struggle with the increasingly difficult mandate to consistently improve, maintain, and document cybersecurity in order to protect brand reputation, customer trust, and the bottom line. Top of mind on the cyber security agenda is adopting a more agile approach to managing emerging risks across an organization’s third-party portfolio.

White Paper

The Cost of Complacent Cyber Security

Ever wish you could just give in to despair and stop worrying about imminent security threats and let your network operate on cruise control? It’s a tempting thought given the escalating number of threats and the challenges involved in prioritizing them in terms of business risk cost and time to remediate.


2018 Healthcare Cyber Security Report

Looking at more than 1200 healthcare companies from July to the end of 2017, SecurityScorecard’s research team analyzed information such as issue severity, industry-defined risk level, corporate peer performance, and more.

On-Demand Webinar

Translating Security into the Language of Business

The security industry needs to learnt he language of business. As we see the convergence of information technology, operational technology, and the human element, we need to converge on a taxonomy that allows us to speak in terms of impact and dollars and cents.

White Paper

The Cost of Doing Nothing

The European Union's (EU) General Data Protection Regulation (GDPR), effective May 25, 2018, reaches far beyond the Continent's borders. GDPR impacts every organization that handles EU resident personal data in order to deliver products or services. Non-compliance with GDPR will yield hefty fines up to 20 million euros.

White Paper

Enable Your Organization’s GDPR Compliance

With the never-ending cycle of new and updated security and privacy regulations and standards, we at SecurityScorecard are continuously monitoring and preparing for impacts of what is sure to be a compliance-heavy tidal wave in 2018. Download now to learn some of the key requirements and controls worth noting.


2018 Big 500 Index Report

According to Cybersecurity Ventures, cyber crime-related costs to hit $6 trillion annually by 2021 and continued high-profile breaches in news headlines, more organizations fear that one cyber-attack can suddenly put a stop to the growth and profitability of the company-- and leading enterprises, like those similar to the S&P 500, are no exception.

Healthcare Case Study

Case Study: Greenville Health System

Find out how SecurityScorecard helped Greenville Health System improve their cyberhealth and maintain compliance with standards and regulations.

On-Demand Webinar

Forrester Webinar: Security Ratings - A Mission Critical Tool for Vendor Risk Managers and Beyond

While not yet a silver bullet, security ratings are emerging as a necessary tool in the vendor risk management armamentarium that can significantly reduce risk in your IT ecosystem, including both third-party and fourth-party risk.


2017 Retail Cybersecurity Report

With the Holiday season upon us, SecurityScorecard analyzed 1924 companies in the retail industry from January to October of this year, looking at this industry as compared to other major U.S. industries and at the cybersecurity indicators of the best and worst cybersecurity performers.

Healthcare Case Study

Case Study: Cyber Security in Healthcare

Find out how one healthcare insurance provider improved its affiliates cybersecurity health using SecurityScorecard. Learn more.


2017 IoT Cybersecurity Research Report

SecurityScorecard identified 34,062 IPv4 addresses on the public internet which all display the symptoms expected from an embedded device infected with Mirai IoT malware.

Healthcare Case Study

Case Study: Children’s Hospital of Minnesota

Find out how Children's Minnesota improved their security risk rating, as well as vendors' ratings with the help of SecurityScorecard. Learn more.

White Paper

Preparing for GDPR

The European Union’s (EU) General Data Protection Regulation (GDPR), effective May 25, 2018, reaches far beyond the Continent’s borders. GDPR imposes legislation on every organization that handles EU citizen data in order to deliver products or services. Inability to demonstrate compliance with GDPR will yield hefty penalties of 20+ million euros.


The Guide to Building Your Vendor Risk Management (VRM) Program

Tackling the problem of vendor risk is not made any easier with technology solutions being added by the day. Current vendor risk management processes are not equipped to handle the growing demand of security risk assessments for new and existing third-parties. Learn how you can improve your vendor risk management program to handle the modern risk.

On-Demand Webinar

IAPP Webinar: Vendor Management — Assuring Data Privacy and Security Compliance

The personal and sensitive data your organization manages is only as safe as the weakest link in your supply chain. Organizational obligations regarding data privacy and security exist not only for the primary data handler but also for its third-party service providers.


The U.S. Cybersecurity Landscape

SecurityScorecard CEO Aleksandr Yampolskiy discusses how U.S. companies can protect against cyber attacks.


Cyber-Hunting for Extremists

As extremist organizations use the internet to spread propaganda and recruit, government agencies develop new techniques to hunt them.

On-Demand Webinar

RSA Archer and SecurityScorecard Present: Managing Third Party Risk Using Security Ratings

Third-party suppliers and partners are continuing to become a critical part of an organization’s extended enterprise; they provide many valuable business services – including billing, records management, cloud storage, and OEM. But, the increase in third-party relationships also create additional challenges to today’s risk management processes.


Tech Zone with Paul Amadeus Lane- Ep. #23 Pt 1- HealthCare Industry Cybersecurity Report

2016 Healthcare Industry Cybersecurity Report - a comprehensive analysis exposing alarming cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.


Tips to Avoid Fraud: Online Shopping for the Holidays

It's safe to say most of you are shopping online this year, but with news of breaches and hackers, how safe is your information when shopping online? Sam Kassoumeh COO and Co-founder of SecurityScoreCard says there's some things to keep in mind to avoid credit card fraud and email spoofing from even the largest online retailers.

Financial Case Study

Case Study: Farm Credit

Learn how SecurityScorecard helps Farm Credit easily monitor third party vendor risks and maintain compliance with regulatory guidelines. Learn more.

Financial Case Study

Case Study: Liquidnet

Liquidnet uses SecurityScorecard to quickly and easily quantify the security performance of their vendors as well as providing continuous monitoring.


Instant SecurityScorecard

Instant SecurityScorecard provides a free limited summary view into the security posture of your organization that can be accessed every 30 days. It does not reflect or provide access in to the SecurityScorecard platform.

Case Study

Case Study: TriNet

Discover how SecurityScorecard helps TriNet gain immediate visibility into the risks lurking in third party environments. Read the case study.

Healthcare Case Study

Case Study: Healthwise

Discover how SecurityScorecard helped Healthwise gain confidence in the cybersecurity of their vendor ecosystem. Read the case study.


Hacking Higher Education

While college students hit the books, hackers are stealing their private information. Universities are the third most-hacked industry behind healthcare and retail. Reuters explores the cyber threat across America’s academic landscape.


2017 Financial Industry Cybersecurity Research Report

SecurityScorecard analyzed and evaluated the security posture of nearly 3,000 financial institutions to find existing vulnerabilities within banks, investment firms, and other financial organizations to determine the cybersecurity performance of the financial sector.

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!