SecurityScorecard Investigates S&P 500 Companies Breaches and New Cybersecurity Regulations

By Alex Passett

The landscape of cybersecurity is, without a shred of doubt, prone to dynamic shifts. According to the U.S. Securities and Exchange Commission (SEC), new cybersecurity regulations will require publicly traded organizations to provide proper disclosure of quote-unquote “material” cyber incidents within a period of four days.

Alright, four days. At least it isn’t four hours, right?

Nevertheless, many organizations – plus key policymakers and investors therein – still lack the ability to tap into key insights that shine a bright-enough overhead light, so to speak, on the evolution of the current threat landscape. (Which, as we’ve established, evolves rapidly.)

What’s the next step, then?

SecurityScorecard’s threat researchers have clinched an answer.

With such new breach requirements (and the increased need for breach visibility) on the horizon, SecurityScorecard conducted its S&P 500 Cyber Threat Report. This report analyzes the security ratings of S&P 500 companies and offers avenues down which security teams may trek in order to shore up the state of their respective cybersecure systems.

Here's a long-story-short version of the report’s findings:

  • 21% of S&P 500 companies reported breaches in 2023: Bad actors chase money trails, and ransomware operators target S&P 500s based on their stocks’ market values (while demanding higher and higher ransoms, as time passes). The bigger targets, in attackers’ eyes, are usually more capable of paying these ransoms, so ensuring that “the bigger they are, the harder they fall” doesn’t happen vis-à-vis strengthened cybersecurity is a sure-fire must in 2024.
  • 25% of the reported S&P 500 breaches impacted financial services, fintech, and insurance companies: Financial institutions are responsible for substantial assets, and those wielding ransomware know how interconnected segments of the financial sector can be. Compromising a “big player” could lead to additional gains for bad actors. Thus, a company ensuring it’s protected can also have a significant effect on other companies, as well.
  • 52% of breached companies unfortunately reported exposed Personal Identifiable Information (PII): Once an attack has been enacted, the access of critical employee info (used against them either via ransom or via impersonation) can lead to legitimate crises on personal, professional, and wholescale operational levels. This is why, again, up-to-date cybersecurity protocols with maximized across-the-board visibility is vital.

The report also covered increasingly sophisticated social engineering risks that company associates face, supply chain attack statistics, and more.

“Regulatory pressure continues to grow, and companies need a unified definition of cybersecurity due diligence with clear metrics,” said Dr. Aleksander Yampolskiy, SecurityScorecard’s CEO. “Just as credit scores standardized the financial world, companies need a universal framework to measure cybersecurity risk and define materiality.”

Click here to download and read the full threat report.




Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

From Generic VSaaS to Vertical Expertise: A Growth Strategy for MSPs

By: Erik Linask    7/15/2026

MSPs can build tailored VSaaS offerings for healthcare, education, logistics, and other industries by combining flexible VMS platforms with vertical-s…

Read More

Why AI Spend Management Could Become the Next MSP Service Opportunity

By: Erik Linask    7/14/2026

As AI costs rise, businesses need visibility into token usage and budget risk, which creates a potential new AI cost-governance revenue opportunity fo…

Read More

The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By: Erik Linask    7/8/2026

Blackpoint Cyber's new AI SOC Agent for Identity Threat Detection and Response gives MSPs an autonomous, human-guided way to contain high-confidence c…

Read More

Identity Is the New Perimeter and MSPs Are on the Front Line

By: Erik Linask    7/8/2026

Barracuda's acquisition of Evo Security expands BarracudaONE with MSP-focused IAM and PAM capabilities, highlighting how identity resilience is becomi…

Read More

MSPs: The Network Is No Longer Someone Else's Problem

By: Erik Linask    6/30/2026

Reinvent's new MyCloud SecureLink offering gives MSPs and resellers a partner-ready way to deliver managed SD-WAN, network security, and resilient con…

Read More