About SecurityScorecard IT Services company in New York, United States
Use Cases
Industries
To make the world a safer place by transforming the way companies understand improve and communicate cybersecurity risk to their boards employees and vendors.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. SecurityScorecards patented rating technology is used by over 1000 organizations for self-monitoring third-party risk management board reporting and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their externally facing digital footprint. SecurityScorecard is the only provider of instant risk ratings that automatically map to vendor cybersecurity questionnaire responses - providing a true 360 degree view of risk.
Sam and I were assessing the security of a large financial provider that offered a fraud prevention product for vetting all e-commerce transactions. We spent weeks talking to them and reviewing their daunting 30-page security questionnaire. At the same time our Financial Controller was standing outside my office every day impatiently asking Why are we not expediting the security assessment? We need this product YESTERDAY!
Our security instincts told us that despite the pressure to sign a contract for a partnership we desperately needed the impatience of the deal would not cloud a deeper vetting of the partner. The evaluation we needed could not be obtained by simply working on the questionnaire and waiting for the vendor to answer the deeper security questions they were avoiding.
We continued working on the assessment losing money in e-commerce fraud that the solution could have prevented. We started poking around using passive security research methods and discovered signs on the Internet that the company was compromised. We could have lost our data if we rushed the deal. After discovering the vendors security issues we incorporated specific legal provisions into the contract to protect the company.
It was during this experience we identified the opportunity for SecurityScorecard.
We thought What if we could engineer a way that would allow one company a deep view into another companys security posture that would be instant accurate and independently verifiable without having to ask permission or wait around for weeks for answers to important security questions?
We strongly believed there were non-intrusive ways to obtain a clearer picture of the security health of a company which could really help speed up and complement the vetting process. This experience was an epiphany for us.