180m Series 290msawersventurebeat: To learn about the type of Internet and software security risks your business is exposed to, you can subscribe to Security Scorecard, which offers comprehensive and transparent reports on email and website hacking rates, as well as other indicators. With a database of more than 1 billion records, this company has been scoring companies’ digital risk exposures since 2007. Its ratings are based on real-world data that originates from sources such as public filings with the U.S. Securities and Exchange Commission and insurance claims from firms such as Allstate and Chubb. The company has raised $180 million in Series E funding, bringing its total to more than $290 million since it was founded in 2007.
SecurityScorecard has been generating a growing number of customers. Employees at the company’s headquarters, located in Washington, D.C., have been expanding beyond internal security professionals to include CIOs, chief risk officers, chief information security officers and compliance officers among others. The funding will help SecurityScorecard expand its global sales and marketing teams.
“We have found that the biggest impediment to security is the lack of measurement in general,” says John Kindervag, vice president and principal analyst at Forrester Research. “Frankly, even many security vendors don’t know how well they are doing in the marketplace. SecurityScorecard comes close to providing the only three data points you need in order to understand how you are doing.”
Kindervag believes that SecurityScorecard’s biggest challenge going forward will be managing its growth. “Not only do you have to grow the company, but you have to grow the four legs of the stool — data, engineering, product and sales and marketing,” he says. “When you are a private company you can reach inside yourself and find those resources. But when you bring in a lot of money from new investors, it presents different challenges.”
The security ratings are generated via a proprietary methodology. The company’s data is made available to customers through its website and through subscription-based reports. “We provide customers with a full picture of their security posture,” says Matt Moyer, chief executive officer of SecurityScorecard. “We can tell you how your website stacks up against other websites and the legitimacy of your email communications.”
The company was founded in 2007 by David Callisch and Peter Tran, who are still its CEO and COO. The duo worked as security engineers at McAfee. They built SecurityScorecard after they saw the need to provide organizations with a comprehensive metric on their security strengths and weaknesses. “We felt that we could give customers data that would help them make better decisions with respect to cybersecurity — not just a single metric, but an overall picture of their security posture,” says Callisch.
Since its inception, SecurityScorecard has positioned itself as a trusted advisor to companies that are serious about improving security. “We want to make sure that companies are armed with the right information to make decisions based on data,” says Tran.
Each year, the company analyzes more than 400 million data records across nine dimensions of digital risk. These include domains, internal email addresses and websites. SecurityScorecard also scores SSL certificates from more than 100 providers. The company’s data is pulled from a combination of sources, including the public domain — for example, SEC filings — as well as proprietary data that it is constantly collecting.
SecurityScorecard has been around for nine years, but it has only recently started to scale its business. Moyer joined the company in May 2016 with a mandate to help SecurityScorecard grow its business and accelerate its pace of innovation.
