2 Million Security Questions Answered

We answered 2 million questions!

We are celebrating a pivotal milestone in redefining security and customer assurance across global enterprises: 2 million security questions answered! Some of the world’s most innovative companies, including OpenAI, Airtable, and Stack Overflow – trust SecurityPal and Customer Assurance (CAx) suite to navigate the evolving challenges of B2B cybersecurity.

Completing 2 million security questions, we have processed over 87% of the Fortune 500 security questions, showcasing our commitment to growth and innovation in security and compliance.

What did the journey look like?

The road to answering 2 million security questions shows our unwavering commitment to transforming Customer Assurance. In the wake of the COVID-19 pandemic, SecurityPal emerged from the vision of our founder, Pukar C. Hamal. Witnessing firsthand the bottlenecks created by extensive security questionnaires, Hamal was driven to streamline this critical aspect of commercial transactions. His goal was clear: accelerate business growth and innovation by simplifying and securing the customer journey.

From our humble beginnings with a remote team of eight, SecurityPal has expanded its reach and capabilities. Under the leadership of Laxman Basnet, GM & VP of Operations, SecurityPal honed its foundation on robust recruitment, comprehensive training, and a culture of high performance and growth.

The 2023 inauguration of the SecurityPal Operations Command Center (SOCC) in Nepal centralized operations and harnessed local talent to further SecurityPal’s global impact. The SOCC symbolized our emergence from stealth mode and readiness to address cybersecurity challenges on a global scale.

With the backing of $21 million in Series A funding led by Craft Ventures and endorsements from leading enterprises like OpenAI, Airtable, and Stack Overflow, SecurityPal is solidifying its position as a pioneer in Customer Assurance.

Key milestones along the way:

• Launched SecurityPal Prime for questionnaire completion in 24 hours or less
• Launched SOCC - 24/7/365 operations for round-the-clock support
• Multilingual support in Questionnaire Concierge for seamless global communication
• AI-powered Copilot for efficient response generation and improved accuracy
• Vendor Assessment to streamline third-party risk assessments
• Assurance Profile for building trust and transparency with a centralized security platform

In four years, SecurityPal has grown from a small startup to a pioneer in customer assurance, playing a pivotal role in shaping the future of secure business transactions. Our journey is marked by growth and an unwavering focus on delivering value and assurance to the world’s fastest-growing enterprises.

Key insights from answering 2 million security questions

Increased Question Volume in Security Questionnaires

Not only is the volume of security questionnaires increasing, so is the number of questions in each questionnaire. With an average of 113 questions per questionnaire, organizations are delving deeper into potential partners' security postures. This surge in questions shows that businesses are more concerned with deeply understanding the security postures of their partners.

The 2025 Standardized Information Gathering (SIG) questionnaire has introduced new and critical topics to address emerging industry demands. These include:

• Payments compliance
• Risk management principles
• Environmental, Social, and Governance (ESG) criteria

This update reflects a shift to a more holistic approach to third-party risk management (TPRM). As more organizations increase the complexity and number of questions asked, we’ve seen a growing emphasis on assessing and mitigating risks within supply chains, ensuring organizations can effectively evaluate their third-party relationships.

New global regulatory frameworks – such as the Digital Operations Resilience Act (DORA), NIS2, and NIST CSF 2.0 – are enhancing how businesses assess vendors , especially in regard to managing sensitive or regulated data.

Each sector has unique security needs, including compliance, regulation, data privacy, and cybersecurity maturity models. As organizations increasingly rely on digital tools and remote work, they focus on robust governance and security frameworks, including ESG considerations. Consequently, the average security question count has risen to address these evolving needs.

These trends suggest a continued shift toward integrated, industry-specific risk management solutions that prioritize transparency, compliance, and stakeholder trust.

Increasing demand for efficiency

The distribution of questionnaire formats paints a picture of an industry in transition: 50% still rely on Excel sheets, while 30.2% have adopted more streamlined portal questionnaires, leaving 19.8% clinging to document attachments.

This shift towards digital platforms reflects a growing need for efficiency in the assessment process. Perhaps most tellingly, we've observed a marked increase in expedited request submissions, underscoring the critical role that rapid security clearance now plays in facilitating business operations. These trends collectively highlight the dynamic nature of cybersecurity assessments and the pressing need for solutions that can keep pace with evolving demands.

What questions are organizations asking?

Our analysis of security questionnaires reveals a landscape of increasing complexity and evolving practices.

Organizations are focusing on data protection, access control, and incident response in their security questionnaires. In a sample dataset, we saw that Encryption Key Management, Access Control, and Incident Management collectively comprise 16.39% of questions out of thousands of questions in our sample data across 42 categories.

A new focus area in security questionnaires has emerged: AI ethics questions are now being incorporated to address considerations around bias, transparency, and accountability in AI systems. This reflects a growing awareness of AI's societal impact and the need for ethical governance frameworks. Similarly, cloud security considerations have expanded in question sets, emphasizing data protection, access controls, and compliance measures for cloud environments. These changes emphasize the need to adapt security protocols for cloud-specific challenges like shared responsibility and multi-cloud environments.

Our Approach to Security Questionnaires

SecurityPal approaches security questionnaires with a comprehensive blend of cutting-edge technology, AI, and expert knowledge from certified analysts. Driven by a culture of high performance, we evolve with the constantly changing nature of security questionnaires. This is how we do it:

Our Knowledge Library serves as a comprehensive database of completed security questionnaires from clients⁠. It provides valuable context on how clients typically respond, enabling more accurate and tailored answers for future questionnaires.‍

Artificial Intelligence and Certified Analysts

Our process starts with AI and certified human Analysts. AI helps to understand the details of the questionnaire, while our analysts converse with the respective point of contact to understand their specific needs and turn-around time. Our analysts are not just employees — they are subject matter experts, recruited through a solid process and trained intensively. Our team is committed to customer satisfaction, working around the clock, 365 days a year.

Questionnaire Handling

We efficiently address both specific inquiries and detailed questionnaires from companies interested in your security posture. With a turnaround time averaging 70 hours — and under 12 hours with SP Prime — we have achieved an average completion rate exceeding 90%.

We use a dataset of completed security questionnaires from our clients, which gives us context on how they typically respond. This helps us to craft better and more accurate responses. After a questionnaire is completed, we provide detailed feedback about how we approached it. We identify which questions and answers need reviewed or additional information. We provide analysis and feedback on any gaps.

Once clients return the updated and final questionnaire to us, we review it. If they’ve made any changes, we learn from them and improve our process and responses for future questionnaires. We craft responses in various languages for global reach and provide real-time tracking for progress monitoring. Our system is designed for a seamless, integrated user experience with options for both in-app and email submissions.

The Impact on Customer Assurance and Compliance

Our proactive approach to understanding our clients' security frameworks enables us to identify potential vulnerabilities in their systems. We achieve this by meticulously responding to their security-related inquiries, providing us with a comprehensive understanding of their security landscape.

Upon recognizing these vulnerabilities, we devise actionable measures to enhance their overall security position. The execution of these measures results in:

• Improved business operations.
• Increased reliability and security.
• Adherence to compliance standards.
• Better customer assurance.

Our customers gain confidence knowing that the services they use are supported by robust security measures. We ensure operations are secure and comply with applicable regulations. Answering security questions builds awareness of compliance responsibilities and fosters accountability within organizations. The implementation of security measures inspired by these inquiries not only enhances compliance but also fortifies overall security posture, reducing the risk of breaches and non-compliance.

Case Study: Productiv’s Efficiency Boost

When Josh Mullis joined Productiv as Head of InfoSec, he was challenged with a high volume of lengthy security questionnaires. Josh aimed to boost SecurityPal adoption across teams, seeking standardization and scalability to maximize its potential.

Before SecurityPal, Productiv's InfoSec team needed up to two weeks to complete security questionnaires. With SecurityPal Questionnaire Concierge, they now spend less than 30 minutes reviewing each questionnaire, ensuring an SLA of 3-4 days turnaround.

This not only significantly reduces the burden of security reviews on their internal team but also expedites security due diligence for prospects and customers. By reducing time on security questionnaires, we drive Productiv's go-to-market function, allowing their InfoSec team to focus on risk mitigation.

The future of Customer Assurance with SecurityPal

With innovation at its core, SecurityPal is ready to tackle the ever-evolving cybersecurity landscape, considering the recent introduction of Cybersecurity Framework (CSF) 2.0, an increasing focus on supply chain risk, SEC rulings, and the growing focus on AI.

At SecurityPal, we envision a future where businesses can confidently navigate the security landscape, accelerating deals and building stronger partnerships. Streamlining security reviews is a key part of bringing this vision to life. As we celebrate the milestone of 2 million questions answered, we are excited to see where the next 2 million questions take us.