A cybersecurity breach could result in disrupted operations, data loss, or damage to reputation. The consequences can be serious for your organization and, potentially, for companies that do business with you. A breach may reflect a lapse in your cyber-defenses or vendor risk management. For these reasons, it impacts your score significantly.
How the breach penalty works
Whenever SecurityScorecard gets information from a trusted data provider that a breach has been published, we apply a temporary 20 percent penalty relative to the current score within several days after verification.
So, if your score is 100 when we apply the penalty, it drops to 80. If your score is 80 at the time of the penalty, it drops 16 points to 64.
Note: The 20 percent score drop applies to all confirmed breaches, regardless of specific circumstances, such as magnitude of impact or whether data was stolen. In other words, the specifics of the breach do not affect the penalty.
The penalty has a 30-day half-life, which means that the score drop diminishes by half every 30 days, and no longer impacts your score after 120 days:
| Time after breach publication date | Score drop |
| --- | --- |
| 0 days | 20 percent |
| 30 days | 10 percent |
| 60 days | 5 percent |
| 90 days | 2.5 percent |
| 120 days | No score impact |