Scoring Algorithm 2.0 is effective from 19 March 2018. Prior to this date, Scoring Algorithm 1.0 was in use.
After collecting thousands of data points from our users, we found that Scoring Algorithm 1.0 grouped results too tightly to differentiate effectively between organizations.
In response, we developed Scoring Algorithm 2.0 to produce a distribution closer to normal across the range 0 to 10. The Algorithm 2.0 distribution is shown below:
Impact of the scoring algorithm change
For most organizations, scores will drop. While this may be concerning for organizations seeing it happen, it allows a better assessment of where you stand in relation to other organizations.
Scores close to 10 are, quite rightly, in rarefied air. There are relatively few organizations operating at that level of security maturity. Scores under 4 are not uncommon, and this also reflects reality.
A score of between 4 and 6 is now both the mean and the median.