SecurityScorecard Reviews

Name: SecurityScorecard
Brand: SecurityScorecard
Rating: 4.0 (7 reviews)

Vendor: SecurityScorecard

4.0 out of 5

7 reviews
85% willing to recommend

641 followers

Start review

What is SecurityScorecard?

SecurityScorecard provides comprehensive cybersecurity insights with features such as notifications for score changes and configurable reporting, supporting team collaboration. It emphasizes multi-factor authentication and continuous monitoring for improved risk assessments.

Get the SecurityScorecard Buyer's Guide and find out what your peers are saying about SecurityScorecard, RSA Archer, Bitsight and more!

SecurityScorecard is the #3 ranked solution in top IT Vendor Risk Management solutions. PeerSpot users give SecurityScorecard an average rating of 8.0 out of 10. SecurityScorecard is most commonly compared to RSA Archer: SecurityScorecard vs RSA Archer. SecurityScorecard is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 859,687 peers since 2012

Featured SecurityScorecard reviews

Hadar Eshel

Co-Founder and CEO at Cloudway

Our organization relies on numerous SaaS services for critical business functions, such as CRM and monitoring solutions. In a hypothetical scenario where a security breach occurs in the CRM database, potentially exposing our data and our clients, SecurityScorecard proves invaluable. It provides a security score, typically a percentage, based on extensive data collection from various sources, including the dark web and social networks. Let's say our CRM solution receives a security score of 78%, indicating a relatively safe status according to the information gathered by SecurityScorecard. One of its most effective features for risk identification is its enterprise-ready automation for third-party risk measurements. Additionally, it provides valuable insights into vulnerabilities within an organization, utilizing tools such as CVE details. For instance, it can assign a score based on vulnerabilities detected, such as 60%, and specify each vulnerability by its identifier. It offers scalability and can handle large volumes of real-time data. The continuous monitoring feature significantly enhances the ability to manage risks by providing real-time data collection on suppliers. We can observe fluctuations in their security levels over time, sometimes even every month. We can create alerts for high-risk situations, enabling organizations to respond promptly to potential security threats or vulnerabilities identified within their supplier network. The product's security ratings are helpful. While there may be occasional false positives, it does not function as a scanning solution. Instead, it presents the same information that hackers could potentially exploit. While I haven't worked with other cybersecurity rating solutions, I can attest to its strengths based on my experience. One notable advantage is their extensive data collection capabilities, surpassing many competitors in the market. They gather a wide range of information, resulting in a vast database that includes many suppliers or companies. It is easy to integrate with other tools. I rate it a nine out of ten.

Read full review

Antonio Scola

Owner at SUNLIT TECHNOLOGIES

With SecurityScorecard, the most valuable feature is the ability to identify if third parties or vendors have digital threats that may impact our company. It also scans all internal domains and IPs to find vulnerabilities in the digital landscape. The continuous monitoring capabilities have been beneficial by providing ongoing assessments of potential risks.

Read full review

Jai Prakash Sharma

Vice President, Technology Operations at InfoEdge India Ltd

SecurityScorecard has improved our company's vendor risk assessment process since it basically gives us the comparison of the competitors and certain vulnerabilities which we can report from an external view or a third party view, giving us an improvement area to work on, which might we might not have focused a lot, or maybe it might be overlooked upon by us. SecurityScorecard helps our company get better scores. The tools help fix the vulnerabilities, which in turn improves scores, making it a valuable product for us. A scenario where SecurityScorecard enabled better decision-making for IT projects includes an incident involving a couple of domain names that my company used to use in the past since sometimes we see that some applications were replicated. My company forgot to clean up the DNS names. Once my company gets to know from SecurityScorecard that our application has vulnerabilities, I may not have renewed the certificate considering that the application is no longer in use, owing to which our company might lose track of it, during which SecurityScorecard helps us to do the cleanup. There are many places where the right certificates are not installed, or maybe there is a small application vulnerability, which the tool can catch from the external view. This can be let known to our company since there is an action we take to fix such areas. Our company operates in the online classified market. The features of SecurityScorecard that are the most beneficial for security monitoring are the reports generated with the help of external audit and vulnerability assessment. The platform's grading system helps prioritize our company's security concerns since it helps us in the area of scores and provides the competition score. The tool also provides recommendations to improve the scores, which is helpful. In the identification of potential threats, SecurityScorecard helps our organization since it does black box analysis. With the black box analysis, the tool helps us in the area of external websites where we cannot do many things directly, after which the tool shares an unbiased status with our company. SecurityScorecard's reporting capabilities support our company's compliance initiatives since it has a dashboard with credentials through which we can get the vulnerabilities reported. The product should provide an option so that it has the ability to fix the reported vulnerability at the same time that it is reported by allowing users to raise a ticket directly with SecurityScorecard's team. After the aforementioned steps are followed, SecurityScorecard can conduct a scanning process and add up the score, which basically gives me the complete trend by allowing me to say last month's trend versus the current month's trend or maybe the last scan versus the current month's scan. I would tell those who plan to use the solution that it is a straightforward product to use. I rate the product a nine out of ten.

Read full review

SecurityScorecard mindshare

As of July 2025, the mindshare of SecurityScorecard in the IT Vendor Risk Management category stands at 10.9%, up from 10.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

IT Vendor Risk Management

PeerResearch reports based on SecurityScorecard reviews

Type	Title	Date
Category	IT Vendor Risk Management	Jul 2, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 2, 2025	Download
Comparison	SecurityScorecard vs OneTrust GRC	Jul 2, 2025	Download
Comparison	SecurityScorecard vs Bitsight	Jul 2, 2025	Download
Comparison	SecurityScorecard vs RSA Archer	Jul 2, 2025	Download

Title	Rating	Mindshare	Recommending
RSA Archer	4.0	12.3%	92%	41 interviews Add to research
Bitsight	4.3	10.8%	100%	6 interviews Add to research

Valuable Features

SecurityScorecard's most valuable features include easy reporting, continuous monitoring, and benchmarking. It offers notifications for score changes, MFA login protection, and team collaboration. Users appreciate third-party digital threat identification, internal domain and IP vulnerability scanning, and attack surface capabilities such as exposed ports and breach information. Combining threat intel data with vulnerabilities, it aids comprehensive risk assessment and insights into third-party supply chain risks.

"The biggest benefit is visibility, allowing organizations to understand their risks, vulnerabilities, and potential threats."
"Fortify Data offers attack surface capabilities that identify vulnerabilities, exposed ports, and dark web information."
"The initial setup takes just a couple of days and doesn't require any installation."

Room for Improvement

SecurityScorecard requires improvements in pricing, technical support response time, and user instructions for issue resolution. It would benefit from enhanced third-party risk management capabilities and app scanning for mobile devices. Enabling alternative solutions for vulnerabilities and reducing manual tasks through automation would enhance user experience. Users express a desire for more comprehensive data points related to dark web threats and vulnerability scanning integration. Offering features to share responsibilities with external consultants is also suggested for improvement.

"There are areas for improvement in response times and overall support."
"The product can be improved by incorporating more data points and intelligence around dark web information and threat data."
"Some wanted a different solution."

ROI

SecurityScorecard enhances security posture and mitigates risks by providing visibility into risks and vulnerabilities. It allows organizations to identify and address digital threats from vendors, preventing data breaches. Though ROI is hard to quantify, SecurityScorecard's role is significant in risk management. Organizations note differences in identifying threats and maintaining data integrity. Its effectiveness in risk mitigation is highlighted by users' experiences, such as discovering data on the dark web and avoiding unnoticed security incidents.

Pricing

SecurityScorecard offers flexible pricing structures with a $400 per month tier for smaller entities and higher tiers for more security-focused organizations, with costs around $1000 monthly. Pricing is middle-range compared to competitors like Fortify Data and Censinet. Users note potential additional costs due to taxes in regions like South America. Setup costs are minimized since most data is pre-collected from various sources. Transparency in scoring adjustments is provided, allowing for discussion and feedback.

"The pricing of SecurityScorecard is fair. I would rate it a seven. It's a bit more on the expensive side. In Brazil, for example, making a payment to the vendor involves wire transfers and high taxes, making it more expensive. Selling SecurityScorecard or any American vendor's product in the United States is very different from selling in South America or Brazil."
"Even though it's competitive, they offer flexible pricing structures."
"The pricing could be split into a lower-paid tier for smaller organizations and another higher tier for others with a more security-focused outlook. $1000 per month is more than some companies pay for their internet connections in total.UPDATE: they have a new 400$ a month tier for starters."

Popular Use Cases

Organizations primarily use SecurityScorecard to assess and manage third-party cybersecurity risks. It monitors and assesses the security posture of organizations, offering recommendations to improve it. Data is analyzed deeply to identify vulnerabilities and exposed data, addressing digital risks. Users appreciate the ability to evaluate the security score and explore attack surfaces. However, there is concern about the large gap between free and paid tiers, limiting smaller organizations' access to enhanced features.

Service and Support

Customer service and support for SecurityScorecard have room for improvement in response times and issue resolution. Users note responsiveness has improved over the past year but still encounter delays, with resolutions taking up to 1-3 days. Despite these delays, users express satisfaction with the knowledgeable technical team, rating their experience between six and eight. Suggestions include better organization to handle customer volume efficiently.

Deployment

SecurityScorecard's initial setup is straightforward and efficient. Users report it is easy to deploy within two or three hours for a quick implementation for smaller numbers of monitored companies. Implementation for larger setups with more companies can take a few days. Its SaaS nature simplifies the process, allowing immediate functionality. Users receive support from a Customer Success Manager, ensuring assistance during deployment. Usually, three to four individuals participate in the process.

Scalability

SecurityScorecard is a web-based service suitable for medium to large enterprises. Users highlight its easy scalability, allowing seamless domain expansion. However, it may not suit Fortune 500 companies. While some users admire its functionality, others seek alternatives. Few people in organizations typically use it, often without plans for expansion. Scalability is generally rated around seven out of ten, with simple adjustments possible by interacting with the interface.

Stability

Users experience strong stability with SecurityScorecard. One comment indicates a minor browser setting adjustment is needed for login in MS Edge. Stability ratings range from seven to nine out of ten. The platform is described as 99.99% stable. No complaints regarding stability have been reported, and users have encountered no significant challenges even with moderate traffic.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our SecurityScorecard Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

13%

Manufacturing Company

10%

Insurance Company

Retailer

Educational Organization

Government

Healthcare Company

University

Energy/Utilities Company

Comms Service Provider

Construction Company

Legal Firm

Media Company

Non Profit

Hospitality Company

Real Estate/Law Firm

Wholesaler/Distributor

Outsourcing Company

Pharma/Biotech Company

Logistics Company

Transportation Company

Recreational Facilities/Services Company

Engineering Company

Consumer Goods Company

Security Firm

Marketing Services Firm

Performing Arts

Compare SecurityScorecard with alternative products

Learn more about SecurityScorecard

SecurityScorecard specializes in assessing third-party cybersecurity risks, enhancing security posture, and analyzing exposed data. It offers automated information gathering and vendor reports, aiding in vulnerability assessments for supply chain risk management. Users value the Attack Surface Index and recommendations for security improvements, though faster technical response times and better cost-effectiveness, especially in Brazil, are desired. Enhancements such as app scanning and more efficient vulnerability management could expand its capabilities.

What are the key features of SecurityScorecard?

Score Change Notifications: Alerts for immediate awareness of security rating changes
Configurable Reporting: Customizable reports for different stakeholders
Team Collaboration: Tools to facilitate collaborative assessments and decision-making
Multi-Factor Authentication: Enhanced security for user logins
Continuous Monitoring: Ongoing evaluation of cybersecurity posture
Third and Fourth-Party Analysis: In-depth assessment of supply chain risks
Threat Intel Integration: Incorporation of real-time threat intelligence

What benefits or ROI should users expect?

Improved Risk Management: Enhanced visibility of cybersecurity risks
Supply Chain Protection: Identification and management of third-party vulnerabilities
Operational Efficiency: Automated data collection and analysis streamline workflows
Cost-Effectiveness: Potential reduction in security management costs
Comprehensive Threat Visibility: Access to integrated threat intelligence

SecurityScorecard is utilized in industries for managing third-party cybersecurity threats by providing detailed vulnerability assessments and automated reporting. Its implementation aids supply chain risk management and enhances industry-specific security strategies, with room for improvement in technical response times and dark web intelligence inclusion.