Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Blackbaud

Blackbaud Vendor Cyber Rating & Cyber Score

blackbaud.com

Blackbaud (NASDAQ: BLKB) is the leading software provider exclusively dedicated to powering social impact. Serving the nonprofit and education sectors, companies committed to social responsibility, and individual change makers, Blackbaud’s essential software is built to accelerate impact in fundraising, nonprofit financial management, digital giving, grantmaking, corporate social responsibility and education management. With millions of users and $100 billion donated, granted, and invested through its platforms every year, Blackbaud’s solutions are unleashing the potential of the people and organizations who change the world. Blackbaud has been named to Newsweek’s list of America’s Most Responsible Companies, Quartz’s list of Best


Blackbaud A.I CyberSecurity Scoring

Blackbaud
Company Information
Website:http://www.blackbaud.com
Employees number:3,125
Number of followers:123,245
NAICS:5112
Industry Type:Software Development
Homepage:blackbaud.com
Blackbaud Risk Score (AI oriented)
Between 650 and 699
logo
BlackbaudSoftware Development
Updated:
23/04/2026
653/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Blackbaud Global Score (TPRM)
xxxx
logo
BlackbaudSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Blackbaud
BlackbaudWeak
Current Score
653B (WEAK)
01000
3 incidents
-63 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
654Before Incident
JUNE 2026
652Before Incident
MAY 2026
652Before Incident
APRIL 2026
716Before Incident
Breach
22 Apr 2026Blackbaud
Barracuda Networks, Inc., Zoll Medical Corporation, Blackbaud and Inc.: Legal Analysis: Insurer Subrogation Rights Under Scrutiny

Court Rulings on Subrogation Rights in Cybersecurity Breaches: Axis v. Barracuda and Travelers v. Blackbaud

653After Incident
CRITICAL-63
BLABARZOL1776911191
Court Rulings Shape Subrogation Rights in Cybersecurity Breaches: Key Cases Define Vendor Liability Two recent court decisions Axis Insurance Company v. Barracuda Networks, Inc. (2025) and Travelers Casualty and Surety Company of America v. Blackbaud, Inc. (2026) have clarified the limits of insurers’ subrogation rights against vendors following data breaches, with outcomes hinging on contractual relationships and legal standing. ### Axis v. Barracuda: No Privity, No Subrogation In Axis v. Barracuda, the U.S. First Circuit Court of Appeals ruled on November 20, 2025, that insurer Axis could not pursue subrogation against Barracuda Networks after a breach exposed Zoll Medical Corporation’s customer data. The case stemmed from a 2023 incident where Barracuda’s email archiving service, used by Zoll’s vendor Fusion LLC, was compromised. Zoll settled a class-action lawsuit from affected customers and sought recovery from Fusion and Barracuda. The court rejected Axis’s equitable indemnification claim, finding no direct or vicarious contractual relationship between Zoll and Barracuda only a chain of independent contracts (Zoll-Fusion, Fusion-Barracuda). Without privity, the court ruled that equitable indemnification, a narrow remedy, could not reallocate risk post-breach. The First Circuit also dismissed Axis’s breach-of-contract claim, affirming that Fusion failed to meet a contractual condition precedent (a liability-limiting provision) and that Barracuda’s lack of audit obligations did not waive this defense. Similarly, Axis’s claim for breach of the covenant of good faith failed, as Fusion had not negotiated protections for breach scenarios. ### Travelers v. Blackbaud: Direct Contracts Enable Subrogation In contrast, the Delaware Supreme Court ruled on February 13, 2026, in Travelers v. Blackbaud that insurers could proceed with subrogation claims against the software provider. Blackbaud, which provided donor management services to nonprofits, suffered a 2020 ransomware attack but offered clients only a self-remediation "toolkit" instead of direct support. Insurers, including Travelers, covered their policyholders’ incident response costs (legal fees, notifications, credit monitoring) and sued Blackbaud for recovery. The lower court dismissed the case, citing insufficiently pleaded aggregate claims under New York law. However, the Delaware Supreme Court overturned the decision, finding that the insurers had adequately alleged breach of contract. Unlike Axis, the insureds had direct contracts with Blackbaud, giving insurers standing to pursue subrogation. The court emphasized that Blackbaud could address individual claims through discovery, and that foreseeable breach-related costs (e.g., remediation expenses) constituted recoverable damages. ### Key Takeaways: Contracts Determine Liability The rulings underscore a critical distinction: subrogation claims against vendors require a direct contractual relationship between the insured and the breached party. In Axis, the lack of privity doomed the claim, while Travelers succeeded because the insureds’ contracts with Blackbaud established clear liability pathways. Both decisions reinforce that: - Equitable indemnification is unavailable without a direct or derivative contractual link. - Breach-of-contract claims hinge on compliance with contractual terms, including conditions precedent. - Aggregate subrogation may proceed if insurers plead sufficient facts, as seen in Travelers. The cases signal that cyber insurers and policyholders must scrutinize vendor contracts for liability clauses, indemnification rights, and subrogation waivers to mitigate exposure in breach scenarios.
INCIDENT DETAILS -
TYPE
Data BreachRansomware
IMPACT
Data Compromised: Customer data (Zoll Medical Corporation), donor management data (nonprofits)Email archiving service (Barracuda)Donor management software (Blackbaud)Operational Impact: Class-action lawsuits, incident response costs, credit monitoringClass-action settlementsRegulatory scrutiny
DATA BREACH
Customer dataDonor management dataSensitivity Of Data: Personally identifiable information (PII)Personally Identifiable Information: Yes
MARCH 2026
715Before Incident
FEBRUARY 2026
714Before Incident
JANUARY 2026
713Before Incident
DECEMBER 2025
718Before Incident
NOVEMBER 2025
711Before Incident
OCTOBER 2025
710Before Incident
SEPTEMBER 2025
709Before Incident
AUGUST 2025
708Before Incident
MAY 2020
658Before Incident
Breach
01 May 2020Blackbaud
Emma Willard School

Emma Willard School Data Breach (2020)

583After Incident
CRITICAL-75
BLA256082125
On May 14, 2020, Emma Willard School suffered a data breach caused by an external hacking incident. The breach exposed Social Security numbers (SSNs) of 2,273 individuals, including 16 Maine residents, potentially leading to identity theft risks. The school took nearly five months to notify affected individuals, sending letters on October 28, 2020, and offered 24 months of identity theft protection services as a remedial measure. The compromised data—primarily SSNs—poses a long-term risk of financial fraud, unauthorized account openings, and other identity-related crimes. The delay in disclosure may have further exacerbated vulnerabilities for the victims. The breach highlights systemic weaknesses in the institution’s cybersecurity defenses, particularly in safeguarding highly sensitive personal identifiers from external threats.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Social Security NumbersIdentity Theft Risk: High (2,273 individuals exposed)
DATA BREACH
Type Of Data Compromised: Personally Identifiable Information (PII)Number Of Records Exposed: 2,273Sensitivity Of Data: High (Social Security Numbers)Social Security Numbers
FEBRUARY 2020
760Before Incident
Ransomware
07 Feb 2020Blackbaud
Blackbaud, Inc.

Maryknoll School Data Breach

652After Incident
CRITICAL-108
BLA551072625
The Hawaii Attorney General's Office reported that Maryknoll School experienced a data breach involving Blackbaud, Inc. on July 16, 2020. The breach, which was a ransomware attack, occurred between February 7, 2020 and May 20, 2020, affecting personal information of 2 individuals, including names and Social Security numbers. Maryknoll School began mailing notification letters to the affected individuals on March 24, 2021.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
NamesSocial Security numbers
DATA BREACH
NamesSocial Security numbersSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Blackbaud ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Blackbaud's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Blackbaud's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Blackbaud ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Blackbaud's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?