
SecurityScorecard Guarantees Accuracy of Its Security Ratings

SecurityScorecard is offering free digital forensics and incident response (DFIR) services to customers that have scored an ‘A’ rating if they have been breached.

SecurityScorecard delivers security posture assessments by analyzing companies’ external surface visibility. It is so convinced of the accuracy of these assessments that it is now offering free digital forensics and incident response (DFIR) services to customers that are breached.

The offer, called Score Guarantee, is dependent on two things. First, the customer must have scored an ‘A’ rating in its surface analysis, and second, the complimentary DFIR is limited to 20 hours.

The Score Guarantee is not related to cyberinsurance. Although the firm and its ratings are used by insurance underwriters, the Score Guarantee is neither underwritten by insurers, nor intended to be an alternative to insurance. It is purely the firm’s statement of confidence in its own services.

In reality, a company sufficiently security aware and active to receive an ‘A’ rating is likely to have separate cyberinsurance. However, SecurityScorecard is sufficiently confident in its ratings that the guarantee is independent of the usual retentions, deductibles, exclusions, or additional conditions of cyberinsurance.

For example, it is not subject to the cyberinsurance war exclusion clause. Mitchell Bezzina, VP of product marketing & GTM, told SecurityWeek, “Our guarantee would apply regardless of the insurance company’s decision to cover the incident. We have no exclusions related to the type of incident.”

The Guarantee is entirely unrelated to any cyberinsurance. “Whether or not a company has cyber insurance is a decision personal to that customer and its risk management strategy,” continued Bezzina. “For example, it may elect to self-insure, or it may have a risk appetite that dictates a limited need for insurance. If a qualified customer has an incident, it will gain 20 hours of complimentary IR services – any other response costs beyond that are taken by the customer in accordance with its risk management strategy.”

SecurityScorecard’s confidence comes from its own research showing that companies receiving an ‘A’ rating are 7.7 times less likely to suffer a cyber-incident than companies receiving an ‘F’ rating.

SecurityScorecard can highlight areas where defense should be improved. The same principles can be applied to supply chain third-party websites. In February 2023, the firm’s research revealed that 98% of organizations have a relationship with a third party that has been breached.

But if weaknesses found by the firm’s analyses are improved and an ‘A’ rating is achieved, a breach is less likely – and the firm will underwrite its confidence in this assertion with 20 hours of free DFIR. The Guarantee is a clear statement from the company: “if your organization increases its security rating to an A, it is less likely to experience a cyber incident.” No ifs or buts.

Headquartered in New York City, SecurityScorecard was founded in 2013 by Aleksandr Yampolskiy (CEO), and Sam Kassoumeh (COO). It has raised a total of $292.2 million, most recently in a Series E round of $180 million in March 2021. This followed a Series D round of $50 million in June 2019. 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
