A comprehensive cyber risk score
The S2Score is a cyber risk score that communicates the information security risk of an organization, it’s vendors, and it’s team.
Cyber risk score methodology
SecurityStudio’s S2Score is a solution for measuring cyber risk. It solves the problems of complexity and measurement and simplifies the way risk is communicated so businesses can make informed risk decisions.
The S2Score methodology was founded on two absolute truths:
Complexity is the worst enemy of information security.
You cannot manage what you cannot measure.
Measuring cyber risk
The S2Score is a cyber risk score ranging from 300 – 850, like a credit score. The score range resonates well with everyone, allowing for accessibility in understanding across multiple levels of an organization, not just the tech team.
Find out your S2Score
Apply the score across our entire platform of tools
S2Org
The organizational information security risk assessment tool used by thousands of organizations, both public and private.
Learn more
S2Vendor
The information security risk management tool developed to simplify, automate, and standardize third-party vendor risk management processes.
Learn more
S2Team
The organizational aggregate of your employees' information security knowledge gaps that helps inform employee training going forward.
Learn more
S2Partner
A comprehensive dashboard for your MSP to manage your clients' modules and users.
Learn moreEvolution of the S2Score
The original S2Score didn’t even have a name when it was developed by our founder, Evan Francen. He was the CISO at a $3.9B pharmaceutical company in 2005, and he was challenged with communicating information security to non-information security people. He built the first assessment scoring methodology that measured risk as “high”, “guarded”, or “moderate”. The beginning cyber risk score equations were a good foundation because they were applied consistently; however, the representation of risk was confusing because of the subjective scoring words.
In 2008, Evan co-founded FRSecure. The assessment originally developed years earlier would become the cornerstone offering for FRSecure. The math also evolved, and the cyber risk score became more refined. Subjective words were replaced with grades A, B, C, D, and F. This was a much better way to communicate information security risk, but they were missing a punch. People were comfortable settling with mediocrity and had trouble getting the point. Comments like, “even Cs get degrees” were common and information security improvements were not consistently made.
In 2015, FRSecure started to use a score ranging from 300 – 850. The score range resonated well with information security and non-information security people alike because of people's familiarity with the credit score.
In 2017, Evan founded SecurityStudio, and the S2Score was born. SecurityStudio was established as a vehicle to help guide and develop good information security fundamentals across all industries.
Today, the S2Score is used by thousands of organizations across all industries. The algorithms behind the score have gotten tighter, the assessments have gotten better, and everyone who uses the S2Score has benefited from its consistency and simplicity.
Frequently Asked
Questions
We receive questions about the S2Score often from a variety of sources, including our partners, our customers, and industry experts.
Sign up for our newsletter
Receive monthly news and insights in your inbox. Don't miss out!
