An interview with Susanne Gurman of SecurityScorecard, from Black Hat 2019
Las Vegas, NV – Amidst all the hustle and bustle of Black Hat 2019, I was privileged to have an opportunity to sit down with Susanne Gurman, vice president of revenue marketing at SecurityScorecard. We delved into some aspects of the fascinating work they are doing, their corporate mission, and her vision for the future of the cyber risk assessment industry.
SecurityScorecard rates cybersecurity postures of corporate entities through the scored analysis of cyber threat intelligence external signals for the purposes of assessing third party risk and third party risk management, self-monitoring, merger, and acquisition due diligence and more. .[1] What sets SecurityScorecard apart is the company’s focus on transparency, ensuring that its clients fully comprehend the reasons behind the score(s) provided. “We open up our back-end information so that people can understand what kind of data we extract and the methodologies used to create those scores,” Gurman says. “We do an outside-in, non-intrusive assessment of an organization’s online footprint, to see what a hacker sees. To compliment our outside-in perspective, we launched our inside-out, questionnaire and evidence exchange solution, Atlas. Combining Atlas with our security ratings gives customers a complete 360-degree view of their third party risk.”
Perhaps most importantly, SecurityScorecard provides actionable analytics, providing customers with the ability to see exactly where the issues are, and address them accordingly. “An organization can review and understand the types of risks associated with their online footprint.” Gurman continues, “then, they can identify key areas of risk to help mitigate them.”
SecurityScorecard must be doing something right because they continue to grow at a breakneck pace. “It is our mission to score as many organizations as we possibly can,” Gurman adds. “Today, we have over 1 million companies scored, which is hundreds of thousands more than any other security rating out there!”
Their progress hasn’t gone unnoticed, and SecurityScorecard recently secured additional investment capital to help with the company’s proliferation. “We just secured another round of funding back in June 2019, and that was really to help us expand globally,” says Gurman. “We currently have a very good foothold in the United States, and we are branching out into other regions, like South America, Europe, and the Asia Pacific.”
Perhaps most interesting was the application of SecurityScorecard’s risk assessment scores to the world of cyber insurance. According to Gurman, “[Cyber insurance companies] utilize our understanding of their online risk threshold for potential customers or [current] customers, and they can more accurately underwrite the policies which they are providing.” In addition, cyber insurance companies use SecurityScorecard’s continuously updated scores to keep track of their clients’ security postures. “We can see when [a security score] dips, and they can be alerted when it dips. That way, they can change in real-time based on the policies, whether the fees go up or they have a standard set time to get their score back.”
The future seems bright for SecurityScorecard. “Gartner says that by 2022, security ratings will be as mandatory as credit scores,” Gurman concludes. “I see SecurityScorecard being the gold standard of security ratings, and [being integrated] in every organization’s critical business processes.”
Gary Berman, Cybersecurity Reporter
Cyber Defense Magazine
Gary Berman is a contributing reporter for Cyber Defense Magazine. He was the victim of a series of insider hacks for several years until he made the pivot from victim to advocate. He is creator and CEO of The CyberHero Adventures: Defenders of the Digital Universe, a groundbreaking comic series that distills complex cybersecurity information into entertaining and educational superhero stories, making cyber hygiene accessible for non-technical people.
[1] Source: Wikipedia, https://en.wikipedia.org/wiki/SecurityScorecard