SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. SecurityScorecard’s patented rating technology is used by over 1,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting, making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their externally facing digital footprint. SecurityScorecard is the only provider of instant risk ratings that automatically map to vendor cybersecurity questionnaire responses, providing a true 360-degree view of risk.
SecurityScorecard Ratings offer easy-to-read A-F ratings across ten groups of risk factors including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. SecurityScorecard Ratings evaluate an organization’s cybersecurity risk using data-driven, objective, and continuously evolving metrics that provide visibility into any organization’s information security control weaknesses as well as potential vulnerabilities throughout the supply chain ecosystem.
The SecurityScorecard platform delivers a dynamic view of any organization’s security posture, updated daily to take the latest set of issues into account. The aggregated information is summarized based on a standard 0 to 100 measurement metric that maps to a simple color-coded letter grade. The highest letter grade is an “A,” which indicates a low number of recent security issues, followed by “B,” “C,” “D,” and “F,” as the number of threat indicators increases.
The scoring process starts with collecting data on security issues across ten risk factor categories (see General Explanation of Sources). For each set of issues within a factor, we look at quantity, severity, and age of issues. We then calculate a score value for each issue type. These are then combined to calculate the factor-level score. The overall score and letter grade are based on factor scores, each of which has a specific weighting based on its contribution to security risk.
Next-Gen Scoring assesses scores based on the number of identified issues and the size of the company’s digital footprint. The algorithm calculates the mean and standard deviation of observed issue counts, then scores the company on how far its findings vary from what is expected for a company of its size, as informed by its digital footprint. The algorithm also calculates the expected impact of remediating a specific issue on the company’s overall score.
NGO-ISAC members have access to a view of their organization’s security scorecard within this site, a portfolio of 5 additional companies, and the ability to search for companies they wish to research.