Benchmarking
Risk benchmarking enables partners to compare security posture across their customer portfolio, identify outliers, and demonstrate the relative effectiveness of security investments to stakeholders.
Benchmarking Overview
S4E calculates a composite Security Score for each customer tenant based on:
- Number and severity of open findings.
- Age of unresolved findings.
- Asset exposure surface area.
- Remediation velocity (how quickly findings are resolved).
- Scan coverage (percentage of assets actively scanned).
The security score is normalized to a 0-100 scale, where 100 represents the highest security and 0 the lowest.
Portfolio Benchmarking
Accessing the Benchmark Dashboard
- Ensure you are in the All Customers context (no specific customer selected).
- Navigate to Reports > Benchmarking.
- The dashboard displays the security score distribution across your entire customer portfolio.
Key Visualizations
| Visualization | Description |
|---|---|
| Security Score Distribution | Histogram showing the distribution of security scores across all customers. |
| Security Ranking | Sorted list of customers from lowest to highest security score. |
| Security Trend | Line chart showing each customer's security score over time. |
| Severity Heatmap | Matrix of customers vs. severity levels, with cell intensity indicating finding count. |
| Remediation Velocity | Bar chart comparing average remediation times across customers. |
| Scan Coverage Comparison | Percentage of assets scanned per customer. |
Filtering and Grouping
- By industry -- compare customers within the same industry vertical.
- By plan tier -- compare customers on similar license plans.
- By group -- compare customers within a defined customer group.
- By date range -- adjust the benchmarking period to focus on specific windows.
Industry benchmarking
Assign industry tags to your customers during tenant creation. This enables meaningful industry comparisons, such as comparing all healthcare customers against each other or against the portfolio average.
Customer-Level Benchmarking
When viewing a specific customer, the benchmarking section shows how that customer compares to the rest of the portfolio:
| Metric | Customer Value | Portfolio Average | Percentile |
|---|---|---|---|
| Security Score | Customer's current score | Average across all customers | Where the customer falls in the distribution |
| Open Criticals | Count | Average | Percentile |
| Mean Remediation Time | Days | Average days | Percentile |
| Scan Coverage | Percentage | Average percentage | Percentile |
This view is useful for customer-facing conversations, showing the customer where they stand relative to anonymized peers.
Anonymization
When sharing benchmarking data with customers, all peer data is anonymized. No customer can see another customer's name, domain, or identifying information. Only aggregate statistics and percentile rankings are shared.
Benchmark Reports
Generate benchmark reports for internal use or customer delivery:
Portfolio Benchmark Report
- Cover page with branding and reporting period.
- Portfolio security score summary and trend.
- Customer ranking table (anonymized for external use).
- Industry-level comparisons.
- Remediation velocity analysis.
- Recommendations for improving portfolio-wide risk posture.
Customer Benchmark Report
- Customer security score with portfolio context.
- Percentile rankings across key metrics.
- Peer comparison charts (anonymized).
- Specific improvement areas identified by gap analysis.
- Recommended actions to improve ranking.
Generating a Benchmark Report
- Navigate to Reports > Generate Report.
- Select Benchmark Report (Portfolio or Customer level).
- Configure the date range, scope, and branding.
- Generate and download.
Scoring Methodology
The security score is computed using weighted factors:
| Factor | Weight | Description |
|---|---|---|
| Finding severity | 35% | Weighted sum of open findings by CVSS score. |
| Finding age | 20% | Penalty for findings that remain open beyond expected resolution time. |
| Exposure surface | 15% | Number and type of exposed assets (external vs. internal). |
| Remediation velocity | 20% | Rate at which findings are resolved over time. |
| Scan coverage | 10% | Percentage of known assets actively scanned. |
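
As an added illustration (not S4E's own code), the weighted combination in the table above and the anonymized customer-level row can be reproduced offline. It assumes each factor has already been reduced to a 0-100 sub-score where higher is better, and that a percentile is the share of portfolio scores strictly below the customer's; the page specifies neither, and the tenant names and values are constructed.

```python
from bisect import bisect_left
from statistics import mean

# Weights (percent) taken from the Scoring Methodology table.
WEIGHTS = {"finding_severity": 35, "finding_age": 20, "exposure_surface": 15,
           "remediation_velocity": 20, "scan_coverage": 10}

def composite_score(sub_scores):
    """Weighted sum of per-factor sub-scores (assumed 0-100, higher = safer)."""
    if set(sub_scores) != set(WEIGHTS):
        raise ValueError("factors must be exactly: " + ", ".join(sorted(WEIGHTS)))
    for name, value in sub_scores.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} out of range: {value}")
    return round(sum(WEIGHTS[f] * sub_scores[f] for f in WEIGHTS) / 100, 1)

def percentile(value, population):
    """Assumed definition: percentage of portfolio scores strictly below value."""
    ordered = sorted(population)
    return round(100 * bisect_left(ordered, value) / len(ordered), 1)

def customer_view(tenant, portfolio):
    """Customer-facing row: own score plus aggregates only, no peer identifiers."""
    scores = {t: composite_score(s) for t, s in portfolio.items()}
    return {
        "security_score": scores[tenant],
        "portfolio_average": round(mean(scores.values()), 1),
        "percentile": percentile(scores[tenant], list(scores.values())),
    }

def _tenant(*values):
    # Map positional sub-scores onto the factor names, in WEIGHTS order.
    return dict(zip(WEIGHTS, values))

# Constructed sample portfolio; names and sub-scores are made up.
PORTFOLIO = {
    "tenant-a": _tenant(80, 70, 60, 90, 100),
    "tenant-b": _tenant(40, 50, 60, 30, 50),
    "tenant-c": _tenant(90, 90, 80, 100, 90),
    "tenant-d": _tenant(60, 60, 60, 60, 60),
}

if __name__ == "__main__":
    for name in PORTFOLIO:
        print(name, customer_view(name, PORTFOLIO))
```

The view returned for one tenant contains only that tenant's score, the portfolio average and a percentile, which is the shape of data the Anonymization note allows to be shared.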
Score recalculation
Security scores are recalculated daily at midnight UTC. Changes in findings, asset counts, or remediation status are reflected in the next day's score. Real-time score approximations are available in the dashboard but may differ slightly from the official daily score.
Using Benchmarks Strategically
Internal Partner Use
- Prioritize resources -- allocate analyst time to customers with the lowest security scores.
- Identify trends -- track whether customers are improving or degrading over time.
- Measure service effectiveness -- use portfolio-wide trends to assess the impact of your managed services.
- QBR preparation -- include benchmark data in quarterly business reviews.
Customer-Facing Use
- Demonstrate value -- show customers how their security score has improved since engaging your services.
- Motivate action -- use peer comparisons to encourage customers to address outstanding findings.
- Justify investment -- provide data-driven evidence for security budget requests.
- Compliance support -- benchmark data can support compliance narratives by showing continuous improvement.
Best Practices
- Tag customers with industry and size -- this enables meaningful peer comparisons rather than apples-to-oranges benchmarking.
- Review benchmarks monthly -- a monthly cadence balances signal quality with operational effort.
- Use trend data, not snapshots -- a single point-in-time score is less informative than the direction of change.
- Share anonymized benchmarks with customers -- transparency builds trust and motivates remediation.
- Combine with SLA data -- benchmark performance in conjunction with SLA compliance for a complete picture (see SLA Tracking).