US 12,231,458 B2
Cybersecurity risk assessment on an industry basis
Aleksandr Yampolskiy, New York, NY (US); Rob Blackin, New York, NY (US); Alexander Heid, Hollywood, FL (US); and Samuel Kassoumeh, New York, NY (US)
Assigned to SecurityScorecard, Inc., New York, NY (US)
Filed by SecurityScorecard, Inc., New York, NY (US)
Filed on Sep. 14, 2023, as Appl. No. 18/466,876.
Application 18/466,876 is a continuation of application No. 17/102,359, filed on Nov. 23, 2020, granted, now 11,785,037.
Application 17/102,359 is a continuation of application No. 16/932,560, filed on Jul. 17, 2020, granted, now 10,848,517, issued on Nov. 24, 2020.
Application 16/932,560 is a continuation of application No. 16/690,223, filed on Nov. 21, 2019, granted, now 11,336,677, issued on May 17, 2022.
Application 16/690,223 is a continuation of application No. 15/072,168, filed on Mar. 16, 2016, granted, now 10,491,619, issued on Nov. 26, 2019.
Application 15/072,168 is a continuation of application No. 14/702,664, filed on May 1, 2015, granted, now 9,294,498, issued on Mar. 22, 2016.
Claims priority of provisional application 62/091,478, filed on Dec. 13, 2014.
Claims priority of provisional application 62/091,477, filed on Dec. 13, 2014.
Prior Publication US 2024/0007496 A1, Jan. 4, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06N 20/00 (2019.01); G06Q 10/0635 (2023.01); G06Q 10/0639 (2023.01); H04L 43/065 (2022.01); H04L 61/25 (2022.01); H04L 61/2503 (2022.01); H04L 61/4511 (2022.01); H04L 61/5007 (2022.01); H04L 61/5076 (2022.01); H04L 67/10 (2022.01); H04W 84/12 (2009.01)
CPC H04L 63/1433 (2013.01) [G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06F 21/577 (2013.01); G06N 20/00 (2019.01); G06Q 10/0635 (2013.01); G06Q 10/06393 (2013.01); H04L 43/065 (2013.01); H04L 61/25 (2013.01); H04L 61/2503 (2013.01); H04L 61/4511 (2022.05); H04L 61/5007 (2022.05); H04L 61/5076 (2022.05); H04L 63/08 (2013.01); H04L 63/1425 (2013.01); H04L 63/1458 (2013.01); H04L 67/10 (2013.01); H04W 84/12 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for benchmarking one company's cybersecurity risk against the cybersecurity risks of other companies, the method comprising:
collecting, at a cybersecurity scoring system, non-intrusive data relating to a plurality of companies, where the non-intrusive data is collected without obtaining permission to collect the non-intrusive data from the plurality of companies by the cybersecurity scoring system, and where the non-intrusive data represents cybersecurity risks attributable to the plurality of companies;
obtaining, at the cybersecurity scoring system, a plurality of attributes associated with the plurality of companies, the plurality of attributes comprising, for each company of the plurality of companies, a set of attributes associated with the company, wherein the set of attributes includes an identity of the company;
calculating, at the cybersecurity scoring system, a plurality of individual cybersecurity risk scores associated with the plurality of companies, where, for each company of the plurality of companies, an individual cybersecurity risk score associated with the company is based on the set of attributes associated with the company and the non-intrusive data associated with the company; and
generating, at the cybersecurity scoring system, a relative cybersecurity risk score for a first company of the plurality of companies based on a first individual cybersecurity risk score associated with the first company and the plurality of individual cybersecurity risk scores.