When it comes to cybersecurity, companies have more to worry about than attacks against their infrastructure and employees. There’s also the risk of hackers indirectly obtaining sensitive data by compromising third parties such as suppliers, a threat SecurityScorecard Inc. is tackling.

The startup today announced that it has raised a $27.5 million funding round to step up the effort. As the name implies, SecurityScorecard operates a cloud-based rating platform that scores how well organizations worldwide protect themselves from hackers. A company could draw on the service to identify potential security risks in its business ecosystem.

Entering the domain name of, say, a hosting provider into SecurityScorecard would bring up a visual overview of its security posture. The platform uses a straightforward alphabetical grading system to rate organizations. The scores assigned to a company’s partners are displayed atop one another in a visual list, which allows risk management personnel a quick way to find the issues they should tackle first.

SecurityScorecard says that an organization with a “D” or “F” in its platform is 5.4 times more likely to suffer a breach than one with an “A” or “B.” Once they’ve identified the most vulnerable suppliers, users can select them to view the specific risks at hand.

SecurityScorecard displays the weaknesses that an attacker would see when scouting for potential attack vectors. That includes network configuration issues, poorly secured endpoints and vulnerable applications. The platform also displays “secondary threat indicators,” such as if an organization’s name has come up in hacker forums recently.

A report sharing feature enables companies to bring potential issues to a supplier’s attention. The tool is complemented by an alerting system that makes it possible to keep track of how suppliers’ security posture changes over time, as well as stay on top of new developments such as a breach.

SecurityScorecard said its platform has multiple uses. Besides easing risk management teams’ work, the visual grading mechanism can help keep nontechnical stakeholders in the loop. An executive, for example, could easily quantify their company’s third-party risk using the scores when briefing the board.

Today’s funding will help SecurityScorecard develop more use cases for the platform. The investment was led by Nokia Growth Partners with participation from credit rating agency Moody’s Corp., Intel Capital and several other returning investors.

Image: typographyimages/Pixabay