
10 Hot Security Ratings Companies To Watch in 2021

Who’s who in measuring cybersecurity posture

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Jan. 22, 2021

Much the way that credit ratings and FICO scores provide a quantitative measure of credit risk, security ratings attempt to provide the same for cyber risk. In theory, if an organization has a high security rating, then it has a strong security posture.

Who looks at security ratings? Boardroom and C-suite executives, chief risk officers, CIOs, CSOs, and CISOs. And dare we say … cyberinsurance providers. It’s possible that a low security rating won’t bode well in the eyes of an underwriter.

Gartner calls security ratings one of the top 10 security projects through 2021. Security and risk management (SRM) leaders should leverage security rating services as an additional data point to provide continuous, independent scoring for their overall digital ecosystem — public-facing assets and otherwise, according to the research firm.

Not everyone agrees with the premise behind security ratings.

Dr. Tim Juno, an SVP at Palo Alto Networks and a former Cybersecurity Fellow at Stanford University, claims that security ratings are a dangerous reality. Ratings companies, in his opinion, distort reality and potentially cause users to misallocate personnel and budget.

Despite some controversy, the security ratings market is expanding as organizations of all sizes and types globally are determined to assess their security posture.


Cybercrime TV: What CISOs Should Know About Security Ratings

Bob Maley, Chief Security Officer at Black Kite


Security Ratings Companies

Who’s who in the security ratings space? Here are 10 hot companies the editors at Cybercrime Magazine are watching in 2020, and you should too.

  • Black Kite, Boston, Mass. Rating technology uses open-source intelligence to compare vendor cybersecurity to industry standards. Black Kite is also the only cyber rating system that puts a dollar value on risk, using OpenFAIR to quantify risk in financial terms.
  • BitSight, Boston, Mass. In 2011, BitSight pioneered the security ratings market, founding the company with a solitary mission: to transform how organizations evaluate risk and security performance by employing the outside-in model used by credit rating agencies.
  • CYRATING, Paris, France. Automated and objective ratings provide a transparent and objective methodology. All ratings are automatic and based on the same scope, controls, rating algorithm, and scale. The controls rely on best cybersecurity practices and detailed results of each are provided.
  • ISS, Rockville, Md. The ISS Cyber Risk Score provides an empirical, proactive indicator of cybersecurity risk that allows organizations to better understand their own cyber resilience as well as the security posture of their vendors. Advanced machine-learning-based analytics distill raw cyber intelligence into a concise, actionable metric for vendor management.
  • iTrust, Atlanta, Ga. Cybersecurity risk ratings and risk intelligence to help businesses build trusted relationships with their vendors, partners, and suppliers. iTrust collects and analyzes third-party risk metrics using machine learning to deliver 360° vendor security and compliance visibility.
  • Panorays, New York, N.Y. SaaS-based platform with no installation needed that enables companies to easily view, manage and engage on the security posture of their third parties, vendors, suppliers and business partners. Provides visibility and compliance with regulations such as GDPR and NYDFS.
  • Prevalent, Phoenix, Ariz. Software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties. Designed to help users make informed decisions and adapt and mature their third-party risk management programs over time.
  • RiskRecon, Salt Lake City, Utah. Provides security and risk management teams and leaders with a trusted and transparent view into enterprise security programs that will prompt all organizations to adhere to security best practices. RiskRecon is a subsidiary of Mastercard.
  • SecurityScorecard, New York, N.Y. Comprehensive security ratings, advanced data analytics, and actionable insights minimize cyber risk in an IT infrastructure and vendor and third-party ecosystem. Provides meaningful and actionable insights, and scales a program using a suite of products and services.
  • UpGuard, Hobart, Australia. Security ratings engine monitors millions of companies and billions of data points every day. Get a free and quick view of your organization’s website security performance across 13 risk factors, such as email security, SSL, DNS health and common vulnerabilities.

Cybercrime Magazine will be expanding our coverage of security ratings companies and this list later in 2021.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.



Sponsored by Black Kite

Black Kite, Inc. is led by a team of innovative thinkers and cybersecurity experts. Our goal is to provide you with the most accurate and comprehensive cyber rating results, with the fewest false positives.

Our people and platform do the work for you, highlighting risk areas that require attention and automating feedback on how to address them. We’re committed to serving our customers — and we’re proud of our five-star customer service rating.

Black Kite is the only rating system that gives a complete view of cyber risk across three dimensions — technical, financial, and compliance. Companies choose our patented rating technology over legacy rating services every day, as our platform continues to prove superior technically, systematically, and at scale.