Introduction to Security Ratings & Benchmarking

Modified on Wed, 1 Oct at 11:26 AM

Security Rating Overview: 

The Security Rating is a critical indicator of an organization's overall security posture. Vendors must actively monitor and improve this score through the dashboard to ensure that risks are effectively mitigated. 

The vendor security score in ShadowMap is calculated using a proprietary algorithm that offers a comprehensive, contextual view of each vendor’s cybersecurity risk. Rather than relying solely on raw counts of issues, the scoring model incorporates multiple weighted factors across different risk modules to reflect the true severity and persistence of risk.

Understanding the Security Score: 

 

A (90-100): Strong Security Posture 

B (80-89): Minor Issues Present 

C (70-79): Moderate Risk 

D (60-69): Weak Security Posture 

F (59 and below): Critical Security Failures

Key Factors Considered in the Scoring: 

  • Risk Category & Severity: Issues are categorized across modules such as Dark Web Monitoring, Brand Protection, Threat Intelligence, and Data Leaks. High-severity issues (e.g., exposed credentials, active phishing domains, leaked source code) have a greater negative impact on the score. 
  • Issue Duration: The longer an issue remains open or unaddressed on the dashboard, the more it contributes to a decline in the security score. Timely remediation improves the score trajectory. 
  • Frequency & Volume of Alerts: A consistently high frequency of findings, regardless of individual severity, indicates poor hygiene and affects the overall score. This includes repeated domain impersonations, recurring leaks, or reappearing threat indicators. 
  • Historical Trends: The algorithm evaluates changes in risk posture over time. A declining trend in new alerts or faster closure of issues can gradually improve the score, whereas increasing or unaddressed findings signal deteriorating posture. 
  • Dark Web & Executive Exposure: Alerts related to breaches, credential leaks, or sensitive data exposure on the Dark Web, especially when linked to executives or key assets, carry significantly higher weight in the scoring model. 

 

Additional Notes:

  • The score is non-linear by design, meaning individual actions may not lead to immediate score changes, as the algorithm accounts for the broader context and interdependencies across modules.
  • Comparative benchmarking against industry peers is also factored into the scoring logic to contextualize a vendor’s relative security maturity.

This approach ensures that ShadowMap provides a dynamic and realistic risk score that helps stakeholders prioritize actions and track improvements over time.


Scorecard & Recommendation: 

Clicking the rating redirects you to the Scorecard tab, where you can see the four main pillars we focus on:

  • Brand Protection 
  • Dark Web 
  • Data Leaks 
  • Threats
 

This section shows how well your organization is performing in each of these four modules with their respective security ratings. By expanding any module, you will also see specific recommendations that need to be followed to resolve the alerts within that module. 
