Portfolio Trends report

Use the Portfolio Trends report to communicate changes over time across your monitored security portfolio to your executive leadership, boards of directors, your security team, and other internal stakeholders.

As a vendor risk manager (VRM), run the report as needed to show your organization's progress in reducing the likelihood of breaches and in understanding your vendors' security postures. Use it to:

• Gauge what your company has done to reduce third-party risk within a particular time frame.
• Compare the number of detected issues on your vendor scorecards against the number fixed.
• Track aggregate historical trends, such as remediation counts, portfolio scores over time, or portfolio companies engaged in resolving issues.
• Evaluate how scorecard ratings have improved your company's security.

Tip: To view security progress for one other company or for your own, use the Company Trends Report.

Run the report

1. Go to Automations > Reporting Center > Portfolio Trends.
2. Select a portfolio to report on, or select All Portfolios.

3. Select a time range to report on. The age of your Portfolio and the current date affect the data you can see:

   • If your portfolio is less than a day old, you can see the 30-day range within 24 hours of creating it.
   • If your portfolio is less than one month old, you can see only the 30-day range.
   • When your portfolio's age passes 30 days, you can view other ranges.
   • The data for each month appears on the first day of the following month.

   

4. Review the charts and graphs.

   Tip: Hover over a point in time for any visualization to see detailed, cumulative information about that specific period.

   

5. To share the report with stakeholders who cannot access the SecurityScorecard platform, export it as a PDF.

Learn more about the report's data

Review each visualization to understand important aspects of your vendors' security:

• Average Portfolio Score displays the historical average score of the selected portfolio for the selected time frame. For broader context, view this data alongside the Risk Remediation and Vendor Engagement visualizations.

  

• Risk Remediation Performance displays vendors' risk and response behaviors over time and provides visibility into whether they are prioritizing actions that protect your business.

  • New and existing findings are security issues that require remediation.
  • Remediated findings have been resolved or disputed by vendors.
  • SecurityScorecard considers a finding decayed when:
    • Remediation evidence is not visible from an internet view. For example, the issue is remediated behind a gateway.
    • There is no observed activity for a time period specific to the issue type.

  Decayed findings no longer impact scores.

  

• Monitored Organizations are the total number of companies in the selected portfolio over the selected time range.

  

• Active Organizations are monitored organizations where users have logged in to the platform within the preceding 90 days. Active companies with grades C, D, or F when they are invited typically improve their scores by an average of 7 or 8 points within three months, while the scores of unengaged companies remain relatively unchanged over the same period.

  

• Top Movers and Bottom Movers are the best- and worst-performing organizations in the selected portfolio for the selected time frame. Click any listed organization to view its scorecard.

  

Why doesn't a breach in my Scorecard appear in my Portfolio Trends report?

Data for the Portfolio Trends report updates for the preceding month, typically at the beginning of the current month. Depending on when you add the Scorecard to a Portfolio or when the breach occurs in the update cycle, the breach can take up to a month to appear in the report.