In this article:
A cybersecurity breach could result in disrupted operations, data loss, or damage to reputation. The consequences can be serious for your organization and, potentially, for companies that do business with you. A breach may have reflect a lapse in your cyber-defenses or vendor risk management. For these reasons it impacts your score significantly.
How the breach penalty works
Whenever SecurityScorecard gets information from a trusted data provider that a breach has been published, we apply a temporary 10 percent penalty relative to the current score. This penalty begins on the publish date, not when the incident shows up on the Scorecard.
So, if your score is 100 when we apply the penalty, it drops to 90. If your score is 80 at the time of the penalty, it drops 8 points to 72.
Note: The 10 percent score drop applies to all confirmed breaches, regardless of specific circumstances, such as magnitude of impact or whether data was stolen. In other words, the specifics of the breach do not affect the penalty.
The negative score impact of the penalty gradually diminishes to zero over a 30-day period.