# SecurityScorecard Reviews **Vendor:** SecurityScorecard **Category:** [Vendor Security and Privacy Assessment Software](https://www.g2.com/categories/vendor-security-and-privacy-assessment) **Average Rating:** 4.3/5.0 **Total Reviews:** 91 ## About SecurityScorecard Stopping sophisticated cyberattacks requires visibility beyond your organization. Security teams need a complete understanding of their attack surface and business ecosystem risk—including partners, contractors, third- and fourth-party vendors, and supply chains. As the industry leader in security ratings, SecurityScorecard provides actionable insights for over 12 million organizations so you can quantify trustworthiness, quickly respond to cyber risks, and strengthen cyber defenses. SecurityScorecard is a security ratings, response, and resilience company. As the industry leader in security ratings, we provide actionable insights so you can make fast, informed decisions that improve your defenses. SecurityScorecard offers the world’s most comprehensive platform for quantifying and reducing risk, so you can instantly know whether an organization deserves your trust and show others that you deserve theirs. With SecurityScorecard, you can quantify trustworthiness and instantly know the cyber risk of any company worldwide, including your business, competitors, vendors, and downstream suppliers. You can strengthen cyber defenses by accessing a stream of risk intelligence that pinpoints vulnerabilities, prioritizes next steps, and clarifies remediation plans. And you can verify vendor readiness by identifying cyber-risks posed by vendors and sub-tier suppliers throughout your ecosystem– and take action to ensure their problems don’t become your problems. What we offer: Supply Chain Cyber Risk: Your supply chain consists of your third and fourth parties as well as Nth parties that are all connected to your business. Vulnerabilities and threats in your supply chain can pose risks to your business operations. With SecurityScorecard, you can significantly reduce or eliminate the risk of compromise from a vendor or business partner. Offerings include: Third-Party Cyber Risk Management, Automatic Vendor Detection, Supply Chain Risk Intelligence, and Security Questionnaires. Threat Landscape: Go outside the wire to identify threats facing your organization and your supply chain. Leverage terabytes of data and AI-driven analytics to identify the threats that put your business at risk. Offerings include: Attack Surface Intelligence, Intelligence Feeds, and Vulnerability Intelligence. Security and Risk Operations: SecurityScorecard enables companies to see what a hacker sees across their own external attack surface so they can identify threats and take action before the bad guys have a chance to exploit critical vulnerabilities. Offerings include: External Attack Surface Management and Cyber Risk Quantification. Services: A focus on expert-led continuous improvement, actionable insights, and tailored strategies positions SecurityScorecard as a trusted partner in achieving and maintaining a robust cybersecurity posture. Offerings include: Digital Forensics & Incident Response, Advisory Services, Penetration Testing, Red Team, and Tabletop Exercises. MAX: SecurityScorecard MAX is a technology-enabled supply chain cyber risk managed service. Organizations leverage SecurityScorecard's technology, expertise, and partner ecosystem to minimize supply chain risk and gain tangible business outcomes. ## SecurityScorecard Pros & Cons **What users like:** - Users value the **depth and ease of use** of SecurityScorecard, appreciating its comprehensive features and excellent customer service. (23 reviews) - Users appreciate the **ease of use** of SecurityScorecard, facilitating straightforward reporting and strategic decision-making. (16 reviews) - Users commend the **unmatched customer support** of SecurityScorecard for promptly addressing concerns and enhancing user experience. (9 reviews) - Users value the **insightful reports** from SecurityScorecard, aiding in customer preparation against potential attacks. (9 reviews) - Users value the **intuitive interface** of SecurityScorecard, appreciating its simplicity and ease of use for all stakeholders. (7 reviews) - Security Management (7 reviews) - Comprehensive View (6 reviews) - Dashboard Usability (6 reviews) - Features (6 reviews) - Risk Management (6 reviews) **What users dislike:** - Users find the **limited reporting capabilities** of SecurityScorecard inadequate for detailed presentations and audits. (4 reviews) - Users face discrepancies with **scoring issues** , including false positives and lack of aggregate scoring across the enterprise. (4 reviews) - Users note that there is significant **improvement needed** in SecurityScorecard's automated reporting and false positive occurrences. (3 reviews) - Users note **inefficient risk management** due to false positives and subjective scoring without solid evidence to support decisions. (3 reviews) - Users face **integration issues** as the system struggles with legacy systems and lacks automatic subdomain detection. (3 reviews) - Users face a **lack of clarity** regarding score changes and find the interface less intuitive, complicating their experience. (3 reviews) - Poor Reporting (3 reviews) - Vendor Management (3 reviews) - Information Overload (2 reviews) - Learning Difficulty (2 reviews) ## SecurityScorecard Reviews ### 1. External Vulnerability Management External Attack Surface **Rating:** 5.0/5.0 stars **Reviewed by:** Chris L. | Cloud Security Engineer, Information Technology and Services, Enterprise (> 1000 emp.) **Reviewed Date:** August 14, 2025 **What do you like best about SecurityScorecard?** tHIS TOO IS A SIMPLE man when it comes to ease of use and an insane one for the depth. I rely on it daily for our public security posture and the MS Power BI integration (thru API's) allows simple dashboarding. This is another huge one, the amount of features dark web monitoring, IP reputation checks etc really does save us hours and hours compared to doing it all manually. Unmatchable customer service, every concern is catered in hours. **What do you dislike about SecurityScorecard?** The initial integration work was a bit hard because of some legacy systems we have here, but their team really helped us. The only issue is that it doesn't detect all the subdomains (so you must type them manually). **What problems is SecurityScorecard solving and how is that benefiting you?** It identified seen assets, but right now blind spots or new asset categories such as old test envs. It has greatly reduced our attack surface, and helps us out a lot in negotiations when it comes to cyber insurance. ### 2. Essential for Third-Party Risk Management **Rating:** 5.0/5.0 stars **Reviewed by:** Tim U. | Cyber Security / Automation Expert, Computer & Network Security, Mid-Market (51-1000 emp.) **Reviewed Date:** August 14, 2025 **What do you like best about SecurityScorecard?** Connecting our score to the fullest third-party security risk exposure view One of the things that I found most amazing was just how much you can see about a vendors security posture and not get bogged down in the weeds of all the technical analysis. Streamline the risk categorization (DNS Health, Patching cadence etc) for better focus and correct prioritization of remediation efforts. We got help and updates so you can be timely. **What do you dislike about SecurityScorecard?** The issue is… as positive as those scores are, we do still occasionally see some false positives related to the baked-in risk of vendors with whom we have no leverage. Once we had dialed in some compliance settings to better meet our own Risk Profiles, it was fairly straightforward to set up. As such — if reporting can be made any more flexible (which would cover the last gap), it will already be extremely similar to how we segment workflow. **What problems is SecurityScorecard solving and how is that benefiting you?** For vendor risk assessments, the utility use 60% time savings over manual due diligence. Yet, to keep their defenses up they can set up automatic alerts for when ratings drop and address vulnerabilities head-on so changes are made before things become dire. It is already quite critical for the compliance reporting and C-Level Risk visibility. ### 3. "Comprehensive Cybersecurity Insights with Room for Improvement" **Rating:** 5.0/5.0 stars **Reviewed by:** Cristian C. | Administrador, Small-Business (50 or fewer emp.) **Reviewed Date:** April 08, 2025 **What do you like best about SecurityScorecard?** SecurityScorecard provides a comprehensive view of your organization's cybersecurity posture and the security ratings of your third-party vendors, giving you the tools to manage and improve security risks effectively. **What do you dislike about SecurityScorecard?** While SecurityScorecard offers a lot of useful data, some users find the interface slightly overwhelming, especially if they are not very familiar with cybersecurity metrics. **What problems is SecurityScorecard solving and how is that benefiting you?** One issue is that the service might sometimes be too focused on broad metrics rather than providing highly detailed information. This forces me to look at other sources for deeper analysis, which can be time-consuming. However, it benefits me by keeping my focus on high-level security trends and identifying partners' general risk profiles quickly. ### 4. Security Scorecard as TPRM **Rating:** 2.5/5.0 stars **Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.) **Reviewed Date:** August 14, 2025 **What do you like best about SecurityScorecard?** the security scorecard was Budget Friendly (Moderate Budget Friendly) , Dashboards were good , good correlation with CVE **What do you dislike about SecurityScorecard?** Not having any Customer support, Not doing Constant Scans , Real time scanning was not available, **What problems is SecurityScorecard solving and how is that benefiting you?** Security Card was doing very well in managing the Vendor Risks , So it benefiting us to understand that how much access or how we can have a controlled environment that our vendor risk does not affect security of our organization, Moreover the Security Card was monitoring the External attack surface of Our Organization but withstanding it was not much accurate still at one point of time it helps us to understand the Attack surface and According to Attack surface we were able to monitor our Outer facing environment, while working on the Security Scorecard it helps us understanding that this Vulnerability can impact how much to the score of the Organization and also in maintaining best score by giving remediation practices to us ### 5. Industry Benchmarking at Its Best **Rating:** 5.0/5.0 stars **Reviewed by:** Brad H. | Chief Technology Officer, Information Technology and Services, Mid-Market (51-1000 emp.) **Reviewed Date:** August 16, 2025 **What do you like best about SecurityScorecard?** It is very rare a platform can benchmark our security posture against our peers. It was extremely easy to implement and we were up and running in less than days. Completely game changing features like monitors for compromised credentials and DNS health checking. Proactive: Support will frequently suggest optimizations **What do you dislike about SecurityScorecard?** Sometimes scores will vary because of things like CDN outages which may cause unnecessary alerts. Another option would be a “pause monitoring” feature for maintenance windows. **What problems is SecurityScorecard solving and how is that benefiting you?** Our boardroom discussions have changed, and executives now hold leaders accountable when scores dip. The platform also allowed us to discover a cloud storage bucket misconfiguration before it could be exploited. ### 6. The Gold Standard for Security Ratings **Rating:** 5.0/5.0 stars **Reviewed by:** David Q. | Security Industry Advisor, Information Technology and Services, Mid-Market (51-1000 emp.) **Reviewed Date:** August 16, 2025 **What do you like best about SecurityScorecard?** Its interface is deceptively simple with incredible functionality. I've rolled this out in three organizations, and EVERY time, it's found THE critical gaps (e.g.- expired SSL certificates). Daily use: it is my first dashboard check in the morning. PowerPoint Integration : Easily share insights with my leadership via PowerPoint. **What do you dislike about SecurityScorecard?** The very first setup had to do small adjustments not to score non-critical assets. It would help to have an onboarding wizard for this. **What problems is SecurityScorecard solving and how is that benefiting you?** It has also done away with self-assessment “security theater.” We are now trusted by our clients when it comes to rating and sales cycles within IT security has been reduced by 30%. ### 7. Security Scorecard TPRM **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.) **Reviewed Date:** July 24, 2025 **What do you like best about SecurityScorecard?** What I truly value about Security Scorecard is its comprehensive approach to vendor risk management, specifically how it excels in identifying risk factors, conducting thorough assessments, enabling continuous monitoring, and facilitating effective management of those risks. **What do you dislike about SecurityScorecard?** SecurityScorecard, in my opinion, is an exceptionally well-conceived solution for third-party risk management. The truth is, it causes me practically no bother at all, which speaks volumes about its great effectiveness and intuitive design. I believe they've successfully developed a tool that significantly simplifies such a critical aspect as cybersecurity with external vendors, fully meeting expectations and facilitating efficient risk management. **What problems is SecurityScorecard solving and how is that benefiting you?** The fundamental challenge that Security Scorecard effectively addresses is the lack of unified vendor risk management, coupled with the critical need for greater visibility into the technological security posture and proactive threat intelligence regarding third-party vendors. In today's interconnected digital landscape, organizations are increasingly reliant on a vast ecosystem of third-party providers, each representing a potential entry point for cyberattacks. Security Scorecard steps in to bridge this gap, transforming a chaotic and opaque process into a structured, insightful, and actionable one. ### 8. Objective Metrics for Security Posture **Rating:** 5.0/5.0 stars **Reviewed by:** Thomas B. | Information Technology COO, Information Technology and Services, Small-Business (50 or fewer emp.) **Reviewed Date:** August 15, 2025 **What do you like best about SecurityScorecard?** Since SecurityScorecard does not utilize any such data, the vendor ratings are impartial. The customers think of it as a no-brainer with one neutral benchmark. Understanding customer service & user-friendliness of platform (even for non-technical stakeholders). **What do you dislike about SecurityScorecard?** Ratings sometimes are unfairly strong about subjects a business cannot control (e.g. shared hosting providers) — More filters in data can be helpful **What problems is SecurityScorecard solving and how is that benefiting you?** It allows advisors to be more objective when discussing risk with clients by presenting hard data points on top of the perception. The audit process is faster, and the reliability and confidence of stakeholders are higher than they were prior to them. ### 9. Cybersecurity Analyst **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.) **Reviewed Date:** October 09, 2025 **What do you like best about SecurityScorecard?** Support from team. I like the likelihoods reports to help us help our customers prepare for possible attacks. **What do you dislike about SecurityScorecard?** There is nothing I dislike about Security Scorecard. **What problems is SecurityScorecard solving and how is that benefiting you?** Security Scorecard is assisting me with ensuring I advise our customers of any possible vulnerabilities or breaches that could potentially impact their foot print. ### 10. Excellent site analysis tool **Rating:** 5.0/5.0 stars **Reviewed by:** Edwin F. | Jefe de redes y ciberseguridad, Enterprise (> 1000 emp.) **Reviewed Date:** April 01, 2025 **What do you like best about SecurityScorecard?** You don't need to feed it anything, it starts looking for all the DNS of sites it relates to by itself, it is very easy to use and its implementation is natural, it is a tool for daily use. **What do you dislike about SecurityScorecard?** That sometimes you don't know why you are held responsible for some vulnerabilities that don't belong to your infrastructure, however, they are immediately removed when you let them know. **What problems is SecurityScorecard solving and how is that benefiting you?** SecurityScorecard comes to solve the problems of vulnerability breaches identified on the main sites of a domain. In my case, it helps me detect the vulnerabilities I have and gives me visibility to address them. Additionally, it helps me check if the actions I applied covered the vulnerability. ## SecurityScorecard Discussions - [Apart from Third Party & Supplier Risk Management, How can we use other functionality of SS?](https://www.g2.com/discussions/apart-from-third-party-supplier-risk-management-how-can-we-use-other-functionality-of-ss) - 1 comment, 1 upvote - [What is SecurityScorecard used for?](https://www.g2.com/discussions/what-is-securityscorecard-used-for) - 1 comment - [How much does BitSight cost?](https://www.g2.com/discussions/how-much-does-bitsight-cost) - 1 comment - [Why SecurityScorecard?](https://www.g2.com/discussions/why-securityscorecard) - 1 comment - [View SecurityScorecard pricing details and edition comparison](https://www.g2.com/products/securityscorecard/reviews/securityscorecard-review-4545269?section=pricing&secure%5Bexpires_at%5D=2026-06-04+05%3A23%3A52+-0500&secure%5Bsession_id%5D=6debb53a-100a-43fb-9f8a-d050d519c113&secure%5Btoken%5D=21e71a9ffed98700a3c5aebfa694752a497272b08d65158b94ad8895df3b61f7&format=llm_user) ## SecurityScorecard Integrations - [Microsoft PowerPoint](https://www.g2.com/products/microsoft-powerpoint/reviews) ## SecurityScorecard Features **Functionality** - Customized Vendor Pages - Centralized Vendor Catalog - Questionnaire Templates - User Access Control **Generative AI** - AI Text Generation **Risk assessment** - Risk Scoring - 4th Party Assessments - Monitoring And Alerts - AI Monitoring **Monitoring - IT Risk Management** - AI Monitoring **Generative AI - Vendor Security and Privacy Assessment** - Text Summarization - Text Generation **Agentic AI - IT Risk Management** - Autonomous Task Execution - Multi-step Planning ## Top SecurityScorecard Alternatives - [UpGuard Vendor Risk](https://www.g2.com/products/upguard-vendor-risk/reviews) - 4.5/5.0 (710 reviews) - [Bitsight](https://www.g2.com/products/bitsight/reviews) - 4.5/5.0 (76 reviews) - [LogicGate Risk Cloud](https://www.g2.com/products/logicgate-risk-cloud/reviews) - 4.6/5.0 (188 reviews)