SecurityScorecard OverviewUNIXBusinessApplication

SecurityScorecard is the #3 ranked solution in top IT Vendor Risk Management tools. PeerSpot users give SecurityScorecard an average rating of 6.0 out of 10. SecurityScorecard is most commonly compared to BitSight: SecurityScorecard vs BitSight. SecurityScorecard is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
What is SecurityScorecard?

Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit or connect with us on LinkedIn.

SecurityScorecard Customers

TriNet, USAA, Zurich, Gilt Groupe, McGraw Hill Financial

SecurityScorecard Video

SecurityScorecard Reviews

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Steffen Hornung - PeerSpot reviewer
Administrator at Neuberger Gebäudeautomation GmbH
Real User
Top 5Leaderboard
Provides security footprint insights and is free, but not enough features are included in the free tier
Pros and Cons
  • "With its automated approach, nothing is missed on the IPs your organization is related to."
  • "There could be more information in regards to solving problems like hints on what specifically to look for."

What is our primary use case?

We were asked by a customer to respond to issues raised on the platform regarding our security score. 

We are using the free offering at the moment. For something that was not part of our selection, I would like to have more features available. In that context, a paid subscription is way out of line for an organization of our size.

As the approach is widely automated information gathering, there is a wide gap from free to paid which makes it hard for smaller organizations to get better security awareness. There is always the notion that a breach is expensive, however, that does not mean vendors can collect anything they like in terms of pricing. It has to be reasonable. 

How has it helped my organization?

With SecurityScorecard we gained more insight into our security footprint. The platform does very little to help with issues. Maybe that is for paid subscribers. Every so often, issues are re-surfacing and you have to re-explain everything. 

Don't get me wrong. Although it is not very nice to have security issues (or symptoms of such) thrown at you, it is nicer than some ransom demand.

With its automated approach, nothing is missed on the IPs your organization is related to. Still, it is extra work.

What is most valuable?

You can have notifications for changes in your score. It really helps to not have to come back every now and then to look score changes up.

I also like the report options in place. They could be made more configurable but there will always be disagreement on reporting options.

You can also invite team members to help with solving problems. 

It's good for a security solution. You can protect your logins with MFA. It is not as good as Azure MFA (no push option), however, still an improvement over the plain user/password combo.

What needs improvement?

There could be more information in regards to solving problems like hints on what specifically to look for.

There should be the option to split responsibility for certain areas. This would be mandatory if we want to invite external consultants to look at things together. 

As mentioned above, the pricing for a paid subscription is too high for "just" a monitoring platform. 

They don't fix your issues. Instead, you have to come up with a good explanation of why things are the way they are. Small teams might not have the patience to re-submit closure of issues due to the fact that the explanation for the issue is not accepted.

For how long have I used the solution?

We have been working with the service for about three months now.

What do I think about the stability of the solution?

We had no issues with stability so far. There is no high volume traffic goong on when using it.

What do I think about the scalability of the solution?

It's a web-based service. Scalability should be no issue.

How are customer service and support?

It's not the most responsive technical support so far. Most issues are not fixed in an hour. Users shouldn't expect confirmation to be there at that time. If you expect 1-3 days you are well-positioned with a no-fee service.

How would you rate customer service and support?


Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The initials setup is easy. You just log in with your work email. That's it.

What about the implementation team?

I suspect that no one was tasked with security to onboard here. 

What was our ROI?

There is no ROI for a free tier. We would need to provide an explanation about paid subscriptions for just a security ticket system in the cloud.

What's my experience with pricing, setup cost, and licensing?

They already have set up for most organizations with their security footprint gathered from whois, DNS, and other sources. Therefore, no setup cost would be reasonable. The pricing could be split into a lower paid tier for smaller organizations and another higher tier for others with a more security-focused outlook. $1000 per month is more than some companies pay for their internet connections in total.

The free tier is perhaps tied to larger organizations inviting smaller ones to get them onboarded.

Which other solutions did I evaluate?

We were forced (or rather, invited) to use that solution by a customer.

What other advice do I have?

Don't expect answers for closing issues right away. There are still people involved who re-check the issues for proper fixes and if your explanation for "that's no issue" is acceptable.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user