SecurityScorecard – Risk Assessment Made Simple!

An interview with Susanne Gurman of SecurityScorecard, from Black Hat 2019

Las Vegas, NV – Amidst all the hustle and bustle of Black Hat 2019, I was privileged to have an opportunity to sit down with Susanne Gurman, vice president of revenue marketing at SecurityScorecard. We delved into some aspects of the fascinating work they are doing, their corporate mission, and her vision for the future of the cyber risk assessment industry.

SecurityScorecard rates the cybersecurity postures of corporate entities through scored analysis of external cyber threat intelligence signals, for purposes including third-party risk assessment and management, self-monitoring, merger and acquisition due diligence, and more.[1] What sets SecurityScorecard apart is the company’s focus on transparency, ensuring that its clients fully comprehend the reasons behind the score(s) provided. “We open up our back-end information so that people can understand what kind of data we extract and the methodologies used to create those scores,” Gurman says. “We do an outside-in, non-intrusive assessment of an organization’s online footprint, to see what a hacker sees. To complement our outside-in perspective, we launched our inside-out, questionnaire and evidence exchange solution, Atlas. Combining Atlas with our security ratings gives customers a complete 360-degree view of their third party risk.”

Perhaps most importantly, SecurityScorecard provides actionable analytics, giving customers the ability to see exactly where the issues are and address them accordingly. “An organization can review and understand the types of risks associated with their online footprint,” Gurman continues. “Then, they can identify key areas of risk to help mitigate them.”

SecurityScorecard must be doing something right, because the company continues to grow at a breakneck pace. “It is our mission to score as many organizations as we possibly can,” Gurman adds. “Today, we have over 1 million companies scored, which is hundreds of thousands more than any other security rating out there!”

Their progress hasn’t gone unnoticed, and SecurityScorecard recently secured additional investment capital to help with the company’s proliferation. “We just secured another round of funding back in June 2019, and that was really to help us expand globally,” says Gurman. “We currently have a very good foothold in the United States, and we are branching out into other regions, like South America, Europe, and the Asia Pacific.”

Perhaps most interesting was the application of SecurityScorecard’s risk assessment scores to the world of cyber insurance. According to Gurman, “[Cyber insurance companies] utilize our understanding of their online risk threshold for potential customers or [current] customers, and they can more accurately underwrite the policies which they are providing.” In addition, cyber insurance companies use SecurityScorecard’s continuously updated scores to keep track of their clients’ security postures. “We can see when [a security score] dips, and they can be alerted when it dips. That way, they can change in real-time based on the policies, whether the fees go up or they have a standard set time to get their score back.”

The future seems bright for SecurityScorecard. “Gartner says that by 2022, security ratings will be as mandatory as credit scores,” Gurman concludes. “I see SecurityScorecard being the gold standard of security ratings, and [being integrated] in every organization’s critical business processes.”

Gary Berman, Cybersecurity Reporter

Cyber Defense Magazine

Gary Berman is a contributing reporter for Cyber Defense Magazine. He was the victim of a series of insider hacks for several years until he made the pivot from victim to advocate. He is creator and CEO of The CyberHero Adventures: Defenders of the Digital Universe, a groundbreaking comic series that distills complex cybersecurity information into entertaining and educational superhero stories, making cyber hygiene accessible for non-technical people.

[1] Source: Wikipedia,

