Every week the news is full of new exposures of protected health information (PHI) and personally identifiable information (PII). These security incidents are not only more common but also more costly.
Many of these exposures are caused by accidental data leaks rather than deliberate data breaches, which is why cyber risk management and vendor risk management are top priorities for CISOs, Vice Presidents of Security, and senior management. And they're increasingly important at the board level.
The introduction of general data protection laws around the world has introduced or widened the scope of mandatory data breach notification laws, significantly increasing reputational and regulatory impact.
In the United States, California has introduced CCPA, Florida has introduced FIPA, and New York has launched the SHIELD Act. Outside of the United States, two well-known examples are the European Union's GDPR and Brazil's LGPD.
Additionally, many of these laws have broadened the definition of sensitive data. This means what were once small security incidents are now reportable data breaches, adding to the impact of inadequate risk management.
Security teams have more to worry about than ever before. Their job now not only involves developing information security policies and improving cybersecurity postures but increasingly, translating technical terms for non-technical stakeholders.
There are tools that can help, such as UpGuard, the issue it's hard to know which one is the best for you. We wrote this guide with all this in mind, to give you a clear comparison between RiskIQ, SecurityScorecard, and UpGuard, so you can make an informed decision and choose the tool that is right for you.
RiskIQ is a cybersecurity company based in San Francisco, California. RiskIQ provides cloud-based software as a service for organizations to manage their attack surface and detect phishing, fraud, malware, and other online security threats.
RiskIQ was founded in 2009 by Lou Manousos, Chris Kiernan, and David Pon.
SecurityScorecard is a New York-based security ratings platform that uses traffic and other publicly accessible data to build security ratings to evaluate vendors and manage cyber risk among other use cases.
SecurityScoreCard also monitors "hacker chatter" and other public data feeds for indicators of compromise.