How does ShadowMap calculate security ratings ?

The vendor security score in ShadowMap is calculated using a proprietary algorithm that offers a comprehensive, contextual view of each vendor’s cybersecurity risk. Rather than relying solely on raw counts of issues, the scoring model incorporates multiple weighted factors across different risk modules to reflect the true severity and persistence of risk.

Key Factors Considered in the Scoring:

• Risk Category & Severity: Issues are categorized across modules such as Dark Web Monitoring, Brand Protection, Threat Intelligence, and Data Leaks. High-severity issues (e.g., exposed credentials, active phishing domains, leaked source code) have a greater negative impact on the score.
• Issue Duration: The longer an issue remains open or unaddressed on the dashboard, the more it contributes to a decline in the security score. Timely remediation improves the score trajectory.
• Frequency & Volume of Alerts: A consistently high frequency of findings—regardless of individual severity—indicates poor hygiene and affects the overall score. This includes repeated domain impersonations, recurring leaks, or reappearing threat indicators.
• Historical Trends: The algorithm evaluates changes in risk posture over time. A declining trend in new alerts or faster closure of issues can gradually improve the score, whereas increasing or unaddressed findings signal deteriorating posture.
• Dark Web & Executive Exposure: Alerts related to breaches, credential leaks, or sensitive data exposure on the Dark Web—especially when linked to executives or key assets—carry significantly higher weight in the scoring model.

Additional Notes:

• It is non-linear by design—meaning individual actions may not lead to immediate score changes, as the algorithm accounts for the broader context and interdependencies across modules.
• Comparative benchmarking against industry peers is also factored into the scoring logic to contextualize a vendor’s relative security maturity.

This approach ensures that ShadowMap provides a dynamic and realistic risk score that helps stakeholders prioritize actions and track improvements over time.