SecurityScorecard generates the equivalent of a credit score for a company’s cyber security (see below). Measured Analytics and Insurance will use (good) cyber scores to provide coverage discounts, as well as identify needed security improvements. This marks another partnership between insurance carriers and security tech providers, from assessment specialists such as SecurityScorecard to vendors of specific security software and services.
“Measured and SecurityScorecard enable organizations to effectively incorporate cyber insurance into their risk management strategy, even as insurance costs remain uncertain. This approach will also enable the procurement of cyber insurance as part of a broader program of corporate investment and enterprise risk management,” says the release.
The release includes some interesting information, including seven factors Security Scorecard believes are predictive of breaches and uses in its analysis:
“Endpoint Security: Tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.
Patching Cadence: Analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
Ransomware Score: Measures how susceptible the organization is to a ransomware attack.
Network Security: Checks public datasets for evidence of high-risk or insecure open ports within the organization network.
DNS Health: Measures the health and configuration of an organization’s DNS setting. It validates that no malicious events occurred in the passive DNS history of the organization’s network.
IP Reputation: Makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
Cubit Score: Measures a variety of security issues that an organization might have, e.g., checks public threat intelligence databases for IP addresses that have been flagged.”