What is a scoring recalibration?
We regularly recalibrate or adjust our scoring algorithm to ensure scores accurately reflect the cybersecurity landscape. During a recalibration, we may add new issue types, retire existing ones, and adjust breach risk and threat levels based on updated risk signals.
We notify customers in advance of each recalibration and of any potential score impacts.
When does this recalibration take effect?
This recalibration takes effect on February 18, 2026.
How will my score be impacted?
You'll see a banner at the top of the Company Overview page for each Scorecard indicating the projected impact of this recalibration.
- If your score is expected to change, the banner shows the projected increase or decrease.
- If your score is not expected to change, the banner indicates that it is expected to remain the same.
In addition to the banner, the Issues table includes Recalibrated impact column that shows the post-recalibration impact for each issue.
If you have any questions about how this recalibration affects your Scorecard, please reach out to our Support team or your Customer Success Manager.
What is changing on February 18, 2026?
The following table summarizes the changes to threat levels and breach risk for 6 specific issue types affected by this recalibration.
| Issue Type | Current threat level | New threat level | Current breach risk | New breach risk | Impact |
|
Content Security Policy Contains ‘unsafe-*’ directive (csp_unsafe_policy_v2) |
INFO | Low | Low | Low | 📈 Increase |
|
Certificate Is Expired* (tlscert_expired) |
Medium | Medium | Low | Low | 📈 Increase |
|
Credentials at Risk for up to 120 Days (compromised_credentials_found) |
INFO | Low | INFO | Low | 📈 Increase |
|
Outdated Web Browser Observed (outdated_browser) |
High | Medium | High | Medium |
📉 Decrease |
|
Outdated OS (outdated_os) |
High | Medium | High | Medium |
📉 Decrease |
|
SOCKS Proxy Service Detected (service_socks_proxy) |
INFO | INFO | Medium | Low |
📉 Decrease |
*The impact of this issue type is changing so slightly that its categorical values will not change
Frequently Asked Questions
Q1. Why do scoring recalibrations happen?
- To ensure scores accurately reflect the dynamic elements of the cybersecurity landscape.
- To normalize scoring between organizations of different sizes, with differing digital footprints.
Q2. Where can I see the projected impact of the recalibration?
- A banner appears at the top of both the Company Overview and Issues pages for each Scorecard, showing what your score will be after the recalibration.
- This projected score is a snapshot in time and may change as issues are detected or remediated, just like your current score.
Q3. How can I improve my score ahead of the recalibration?
- Scores can be improved the same way they do today - by remediating detected issues.
- Only issues present on your scorecard at the time of the recalibration will be considered.
Q4. Why is my score projected to drop even though I have the same number of issues?
- During a recalibration, the breach risk or weight of certain issue types may change. Even if the total number of issues stays the same, changes in how those issues are weighted can impact your score.
Q5. Why are these issue types changing now?
- The score impact, threat level, and breach risk for certain issue types have been updated to better reflect their correlation with breach, based on current data. These correlations change over time as the cybersecurity landscape evolves.
- Score impact also varies by organization. Factors such as company size, digital footprint, and affected assets influence how changes to an issue type affect your overall score.
Q6. Are any new issue types being added as a part of this recalibration?
- No. This recalibration does not introduce any new issue types.
Q7. Does this recalibration change how issues and findings are scanned or detected?
- No, recalibration does not impact scanning cadence or issue detection.
Q8. Why does the downloaded report show higher-impact issue types that aren't listed as changed?
The issue types listed in the table above are the only ones whose defined impact level changed as part of this recalibration. For these issue types, each occurrence will decrease the score either more (increasing impact) or less (decreasing impact) than before, regardless of digital footprint, organizational size, or the presence of other issues.
However, SecurityScorecard scoring is not based only on fixed impact levels. Your score is also influenced by how your organization compares to similar organizations (your peer cohort), which are grouped based on size and digital footprint.
During a recalibration, we:
- Reevaluate peer cohort groupings
- Reassess how common each issue type is within those cohorts
Because scoring is partially based on relative comparison, the score contribution of an individual issue can change even when the inherent impact of that issue type has not.
For example:
If your organization has grown or reduced its digital footprint since the previous recalibration, you may now be compared against a different peer group.
If the overall distribution of a specific issue type changes within your cohort, its relative scoring may increase or decrease.
If you have more of a specific issue than your peers, it may contribute more strongly to your score.
If you have fewer than your peers, it may contribute less.
Q9. I have more questions - where can I get answers?
- We value your feedback! If you have questions about this recalibration or how it affects your Scorecard, contact Support or your Customer Success Manager.
Additional resources
For details on how our scoring works, see our Scoring Methodology Whitepaper.
Check out our on-demand webinar: Preparing for the February 2026 Scoring Recalibration: An Open Forum