The Incident Likelihood assessment evaluates the probability that your organization will experience a security incident. Unlike your SecurityScorecard Grade, which reflects daily observations of your external security posture, the Incident Likelihood assessment focuses on broader risk trends and long-term risk exposure.
The assessment provides a Low, Medium, High, or Critical rating indicating the likelihood that an incident affecting the confidentiality, integrity, or availability of your organization’s information is:
- Imminent
- Currently underway
- Already occurred within the last six months
This assessment is used by your partner to evaluate overall risk posture and remediation progress.
How the Incident Likelihood assessment differs from the A–F Rating
The Incident Likelihood assessment was designed to complement SecurityScorecard’s A–F Rating, not replace it.
While both evaluate security risk, they differ in scope and methodology:
Assessment scope
The A–F Rating provides a broad, comprehensive view of your organization’s security posture.
The Incident Likelihood assessment focuses specifically on the probability of a serious security incident occurring now or within a six-month horizon.
Indicators used
The A–F Rating incorporates more than 200 findings and responds dynamically to newly identified issues and remediation activity.
The Incident Likelihood assessment uses a more focused set of significant risk indicators, including:
- High-severity technical findings
- Critical external risk signals (such as ransomware indicators or breach signals)
- Vendor risk exposure, including the average A–F rating of identified vendors
Some indicators used in the Incident Likelihood assessment are informational and may not carry impact scores within the A–F Rating model. These are evaluated qualitatively to reflect broader residual risk.
Six-month time horizon
The A–F Rating updates dynamically based on current findings. The Incident Likelihood assessment evaluates both current signals and risk patterns observed over the past six months. This allows the model to account for residual risk associated with past incidents or elevated threat activity.
For example, a ransomware infection three months ago may continue to influence risk exposure even after immediate remediation.
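The difference between a point-in-time view and a six-month lookback is easiest to see on concrete data. The following is an added illustration, not SecurityScorecard's model or code: it assumes a 183-day window, a small constructed set of risk signals with observation and remediation dates, and contrasts which signals an "open findings only" view reports with which ones a six-month lookback still counts as residual risk.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed window length: roughly six months. The real model's window and
# weighting are not described on the page; this is only an illustration.
LOOKBACK_DAYS = 183


@dataclass(frozen=True)
class RiskSignal:
    name: str
    severity: str                    # "critical" or "high"
    observed: date                   # date the signal was first seen
    remediated: Optional[date] = None  # None means still open


def open_signals(signals, today):
    """Point-in-time view (A-F style): only signals that are still open today."""
    return [s for s in signals if s.remediated is None or s.remediated > today]


def lookback_signals(signals, today, lookback_days=LOOKBACK_DAYS):
    """Six-month view: every signal observed inside the window, remediated or not."""
    cutoff = today - timedelta(days=lookback_days)
    return [s for s in signals if cutoff <= s.observed <= today]


def residual_signals(signals, today, lookback_days=LOOKBACK_DAYS):
    """Signals that were remediated but still fall inside the lookback window.

    These are the ones that no longer affect an open-findings view yet still
    contribute residual risk to a six-month assessment.
    """
    still_open = set(open_signals(signals, today))
    return [s for s in lookback_signals(signals, today, lookback_days)
            if s not in still_open]


def names(signals):
    """Stable, sorted list of signal names for display and checking."""
    return sorted(s.name for s in signals)


# Constructed sample data (hypothetical, for illustration only).
TODAY = date(2024, 6, 1)
SAMPLE = [
    # Ransomware indicator seen three months ago and cleaned up ten days later.
    RiskSignal("ransomware-indicator", "critical",
               TODAY - timedelta(days=90), TODAY - timedelta(days=80)),
    # Breach signal from well outside the window, long since closed.
    RiskSignal("old-breach-signal", "critical",
               TODAY - timedelta(days=250), TODAY - timedelta(days=240)),
    # High-severity finding discovered recently and still open.
    RiskSignal("exposed-admin-panel", "high",
               TODAY - timedelta(days=10)),
]

if __name__ == "__main__":
    print("open today:       ", names(open_signals(SAMPLE, TODAY)))
    print("six-month window: ", names(lookback_signals(SAMPLE, TODAY)))
    print("residual (closed):", names(residual_signals(SAMPLE, TODAY)))
```

Running it shows the point made in the text: the remediated ransomware indicator drops out of the open-findings view but remains in the six-month window as residual risk, while the older breach signal has aged out of both.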
The three components of your assessment
The Incident Likelihood assessment reflects aggregated risk across these three components. Improvements in any component can influence your overall assessment over time.
1. Information Security Objectives
This evaluates the structure and maturity of your organization’s security strategy, including formal frameworks such as Incident Management and Response.
2. Information Security Activities
This evaluates the operational actions your organization takes to manage risk, such as employee training and the implementation of internal security controls.
3. Information Security Indicators
These are observed external signals indicating elevated risk, such as critical vulnerabilities, ransomware signals, or past data breaches.
Using your Remediation Plan
Each Incident Likelihood assessment includes a Remediation Plan. This plan prioritizes actions designed to reduce the risk factors contributing to your assessment.
Addressing these recommendations helps reduce the residual risk reflected in your six-month trend analysis.