Security Ratings Are a Dangerous Fantasy

Security professionals don’t like security ratings, also known as cybersecurity risk scores.1 Partly this is because people don’t like being criticized. But mostly it’s because security ratings don’t work, and cannot work as presently conceived and sold. The industry is a marketing façade. Security ratings do not predict breaches, do not help people make valuable business decisions, and do not make anyone safer.

In this white paper, we explain why the above statements are true. In disclosure, Cortex® Xpanse™ is also a cybersecurity company. We decided in 2016 that we would not launch a security rating product because, while believing there to be a substantial market for such scores, we refused to ship a product we could not fully stand behind.

Please fill your information below to download the white paper.


    In alignment with General Data Regulation (GDPR) guidelines we are asking for your permission to stay in touch.  Please opt-in to ensure you can have access to the latest Palo Alto Networks news, activities and insights.