SecurityScorecard has been helping companies understand the security risk of its vendors since 2014 by providing each one with a letter grade based on a number of dimensions. The company announced a $180 million Series E.
The round includes new investors Silver Lake Waterman, T. Rowe Price, Kayne Anderson Rudnick, and Fitch Venture along with existing investors Evolution Equity Partners, Accomplice, Riverwood Capital, Intel Capital, NGP Capital, AXA Venture Partners, GV (Google Ventures) and Boldstart Ventures. The company reports it has now raised $290 million.
Co-founder and CEO Aleksandr Yampolskiy says the company’s mission has not changed since it launched. “The idea that we started the company was a realization that when I was CISO and CTO I had no metrics at my disposal. I invested in all kinds of solutions where I was completely in the dark about how I’m doing compared to the industry and how my vendors and suppliers were doing compared to me,” Yampolskiy told me.
He and his co-founder COO Sam Kassoumeh likened this to a banker looking at a mortgage application and having no credit score to check. The company changed that by starting a system of scoring the security posture of different companies and giving them a letter grade of A-F just like at school.
Today, it has ratings on more than 2 million companies worldwide, giving companies a way to understand how secure their vendors are. Yampolskiy says that his company’s solution can rate a new company not in the data set in just five minutes. Every company can see its own scorecard for free along with advice on how to improve that score.
He notes that in fact, the disastrous SolarWinds hack was entirely predictable based on SecurityScorecard’s rating system. “SolarWinds’ score has been lagging below the industry average for quite a long time, so we weren’t really particularly surprised about them,” he said.