Securing enterprises by providing the objective truth

Why we invested in SecurityScorecard


SecurityScorecard, the global leader in security ratings, announced today that the company had completed a $180 million Series E preferred stock financing round with participation by new investors: Silver Lake Waterman, T. Rowe Price Associates, Inc., Kayne Anderson Rudnick, and Fitch Ventures. Existing investors participating in the round included NGP Capital, Evolution Equity Partners, Accomplice, Riverwood Capital, Intel Capital, AXA Venture Partners, GV, and Boldstart Ventures.

In 2017, NGP Capital led SecurityScorecard’s Series C round and joined the board of the company. At the time, security ratings were an early-adopter market, with enterprises primarily monitoring their vendors. Subsequently, with the massive increase in data connectivity and cloud computing, the critical importance of cybersecurity has become apparent. Enterprises have now started to adopt security ratings not just for vendor risk management, but for internal compliance monitoring.

In today's distributed and hyperconnected world, with the sharing of common cloud resources, security breaches can propagate at extreme speeds, making it impossible for IT to have visibility into the rapidly shifting external threats to the enterprise’s infrastructure. SecurityScorecard ratings meet this challenge by providing a near real-time objective external view of the enterprise's vulnerability, enabling security personnel to remediate weaknesses before they become serious breaches that create financial losses.

When we initially invested in SecurityScorecard, the competitive landscape looked relatively undifferentiated. There were many security point solutions, most using traditional field-sales go-to-market strategies. We took a contrarian bet by backing SecurityScorecard because we saw the initial elements of company differentiation – in their founding team, their product strategy, and their focus on innovation – which we believed would scale up over time. Over the last three years, these key differentiation elements have played out, leading to SecurityScorecard becoming the category leader.

  • Exceptional founding team: Co-founders Aleksandr (Alex) Yampolskiy (CEO) and Sam Kassoumeh (CPO) were cybersecurity and risk management experts before they started SecurityScorecard. More impressively, they were also CSOs in their previous roles. They had a deep understanding of the security problem, both as coders and as IT professionals. They realized that the overwhelming majority of cybersecurity vendors were pushing solutions based on fear rather than providing customers with the objective truth. They also learned that the enterprise's biggest threats were the unknown vulnerabilities in the distributed computing environment that a hacker could exploit. SecurityScorecard’s founders realized that an enterprise's first task was to get the objective ground truth about their security posture (from an external attacker’s perspective) BEFORE they sought to remedy it by procuring new tools. SecurityScorecard’s ability to be trusted as a source of truth to help identify the root causes of an enterprise's vulnerability has been key to its significant growth and high customer retention.
  • Product-led focus: The vast majority of software companies, including cybersecurity vendors, are sales- and marketing-led. Although aggressive outbound sales tactics can often help close the first sale, they also lead to significant churn during renewals and upsells. Alex and his team focused on being product-led – continually developing new features and capabilities that would reduce the time to value and improve the measurement of vulnerabilities, helping security personnel make timely and correct decisions. SecurityScorecard provides its customers with precise and constantly updated data on their enterprise and their vendors at a level of detail and scale that is unmatched in the industry. For smaller customers, SecurityScorecard offers a freemium tier and access to free security ratings through third parties. When the pandemic locked down travel, the benefits of a user-focused product-led organization became apparent. SecurityScorecard grew strongly through the pandemic, driven by inbound inquiries and significant product upsells, while many of its competitors struggled.
  • Relentless innovation: SecurityScorecard recognizes that customers needed help beyond ratings to address their security concerns. New threats are constantly emerging and escalating, and security resources to mitigate these threats are scarce. Relying on their previous experience as customers, Alex and Sam have innovated based on their deep empathy for security officers and their understanding of IT's emerging needs. Key innovations have focused on providing flexibility and scale.
  • Flexibility: SecurityScorecard’s offering is flexible, enabling it to meet the demands of different enterprises. SecurityScorecard data can be consumed on a dashboard, as an API, or embedded in third-party software. SecurityScorecard’s software is architected to work with third-party data sources and software to generate new insights. Their new ATLAS offering enables enterprises to correlate SecurityScorecard security ratings with their own internal data. The ability to analyze data across different sources helps enterprises generate new insights and security actions.
  • Scale: An organization is only as secure as its weakest link. This is why it is critical for enterprises to map and monitor 100% of their vendors, however small and wherever located, and to understand the security posture of their entire supply chain. Nearly 2 million organizations are monitored and rated by SecurityScorecard daily, which is 10 times more than their closest competitor. SecurityScorecard is currently on track to rate more than 20 million organizations by the end of 2021. Massive-scale – across millions of organizations and billions of data points, measured daily – is what drives SecurityScorecard’s machine-learning training and accuracy, and continuously improves the prediction capabilities of their ratings. With access to over six years of data at scale, it is hard to see competitive solutions catching up.

    With a terrific team, the industry-leading product, relentless innovation, and over $200M on its balance sheet, SecurityScorecard is set to continue to grow with its customer's needs and the evolving cybersecurity landscape. We are delighted to be part of their journey and look forward to supporting Alex, Sam, and the SecurityScorecard team as they move toward becoming a public company!