Trust Has a Number: First-of-its-Kind Synack Report Reveals Trust Scores to Measure and Compare Security Performance

Manufacturing & Critical Infrastructure and Financial Services Lead the Way as Most Trusted Industries

REDWOOD CITY, Calif., March 27, 2019 /PRNewswire/ — Trust has a number. The 2019 Trust Report shares what it is.

The report, released today, is the first report of its kind to measure industries’ and organizations’ trustworthiness from a hacker’s perspective. Analysis is based on proprietary data from thousands of crowdsourced penetration tests on digital assets owned by hundreds of companies across nine industries over several years. The report, published by trusted crowdsourced security leader Synack, is the first to compare relative performance within and across industries and establish benchmark metrics – all from a hacker’s perspective. Some of the largest Global 2000 companies from financial services, retail and healthcare, including 75% top credit card companies, top 10 consulting firms, and leading security companies, and more than 50% of U.S. Government agencies, contribute to the data set.

Industry Insights on Security Performance

The Trust Report indicates that best performing industries in 2018 were Manufacturing & Critical Infrastructure and Financial Services. Industries analyzed in the Trust Report include Manufacturing and Critical Infrastructure, Financial Services, Federal Government, Healthcare, Retail, Technology, Consulting/Business & IT Services, State, Local & Education, and eCommerce.

“Historically, it’s been extremely difficult to measure the success and the progress of security initiatives because there hasn’t been a common metric or benchmark to start from. But when you have a pragmatic, relevant quantifiable baseline, you can then start to improve your situation. The Synack Attacker Resistance Score has presented CISOs with a new tool and opportunity,” Jay Kaplan, Synack Co-Founder & CEO, said.

Measuring Security, Measuring Trust

Security departments have tens of billions of dollars a year at their disposal, yet it’s difficult for many CISOs to prove that they are winning this cyber war and that their organizations’ assets are really getting more secure. Executives, investors, and board members have the right to wonder if their investments in security are paying off.

“It’s all about measurement. CISOs need a way to present security to their executive team and board in a way that clearly demonstrates and measures the business risk to the organization. The executive team doesn’t want to talk about security- they want to talk about risk,” Stephen Ward, CISO, Home Depot, remarked during a Synack event at the 2019 RSA Conference.

Security teams who have executed proactive and continuous crowdsourced testing are making significantly more progress in increasing their security performance over time than those who don’t. Organizations with the highest Attacker Resistance Scores have the following in common: they proactively deploy security testing to make it harder for attackers to find vulnerabilities, integrate security testing earlier into DevOps to reduce the cost of vulnerabilities, and prioritize the fast remediation of the most egregious security issues.

The 2019 Trust Report includes a foreword from Stanford University’s trust expert, Jeff Hancock, followed by remarks from Steve Ward (CISO, Home Depot); Kevin Fielder (CISO, Just Eat); Amit Elazari (Global Cybersecurity Policy, Intel; Lecturer, UC Berkeley); David Demarest (former CEO, AspenLine Reputation Strategies); David Cohen (Shareholder, Brownstein Hyatt Farber Schreck; former Chief Administrative Officer, CLEAR). Additional findings of the report include:

  • Organizations that practice continuous penetration testing are over 40% more resistant to cyber attacks than organizations who rely on point-in-time security tests.
  • Organizations that have utilized crowdsourced penetration testing for 2 or more years are up to 2x stronger against cyber attacks than they were in their first year.

The full report can be downloaded for free at

About Synack
Based in Redwood City, California, Synack is the trusted leader in Crowdsourced Security. By leveraging the world’s best ethical hackers and an AI-enabled platform, Synack helps organizations find and fix critical security issues and provides valuable security intelligence on digital assets. This intelligence secures critical infrastructure and leading brands and businesses around the world- Synack’s crowdsourced penetration testing protects leading global banks, DoD classified assets, and close to $1 trillion in Fortune 500 revenue. For more information, please visit