ShadowMap

Appearance

Benchmarking

ShadowMap's Benchmark feature lets you compare your security posture against up to five peer organizations, giving you context for how your scores stack up.

Overview

The Benchmark tab on the Security Rating page shows a side-by-side comparison of your overall score and individual category scores against selected peers.

How Benchmarking Works

Benchmark scores are calculated using the same scoring methodology applied to your own organization. ShadowMap scans each peer's external digital footprint and generates ratings across all eight security categories.

WARNING

Benchmark data reflects externally visible security posture only. A peer with a high score may still have internal security issues that aren't visible from outside. Use benchmarks as one data point, not as a definitive comparison.

Adding Peers

  1. Navigate to Dashboard > Security Rating > Benchmark tab
  2. Click the Add Customer card (or the "+" button)
  3. Search for the organization you want to compare against
  4. Select them from the dropdown
  5. Their scores appear alongside yours, ranked by overall score

You can add up to 5 peer organizations for comparison.

Reading the Benchmark

The benchmark view shows:

  • Ranking — Organizations sorted by overall score (highest first)
  • Overall Score — Each peer's aggregate security rating
  • Category Breakdown — Individual scores across all eight categories
  • Your Organization — Highlighted with a distinct background so you can quickly see where you stand

What to Look For

  • Categories where you trail peers — These are areas where your security posture is weaker than comparable organizations. Prioritize improvements in these areas.
  • Categories where you lead — These show relative strengths in your security program.
  • Peers with similar scores — Organizations with scores close to yours are the most relevant comparisons. A peer with a score 30 points higher may operate in a different risk environment.

Managing Peers

Assigning Priority

You can assign a priority level (High, Medium, Low) to each peer to categorize them:

  • High — Direct competitors or organizations you're frequently compared against
  • Medium — Industry peers
  • Low — Aspirational comparisons

Tagging

Apply custom tags to peers for organization and filtering — for example, "competitor", "supply chain", or "industry-peer".

Removing a Peer

Click the remove icon next to a peer's name to remove them from your benchmark list.

Requesting a New Peer

If an organization isn't available in the search, use the Request Customer card to request that ShadowMap begin scanning them. Once the initial scan completes (typically within a few days), their scores will become available for benchmarking.

Use Cases

Board and Executive Reporting

Include benchmark comparisons in executive reports to show leadership how the organization's security posture compares to peers. This provides context — a score of 78 means more when stakeholders can see that the industry average is 65.

Vendor Risk Assessment

Use benchmarking alongside Vendor Risk Management to compare vendor security postures. Benchmark scores can inform vendor selection and ongoing risk monitoring.

Security Program Justification

If you're trailing peers in specific categories, benchmark data helps justify investment in those areas. "Our Application Security score is 15 points below the peer average" is a compelling argument for budget.

Common Questions

Q: How often are peer scores updated?

Peer scores are recalculated daily, just like your own. The benchmark reflects the most recent data available.

Q: Can peers see that I'm benchmarking against them?

No. Benchmark comparisons are private to your organization.

Q: Why does a peer's score seem different from what I'd expect?

ShadowMap scores based on externally visible data only. An organization may have strong internal controls that don't surface in external scanning. Conversely, they may have external exposures that their internal team isn't aware of.

ShadowMap by Security Brigade

Copyright 2024-present Security Brigade