UpGuard, Formerly ScriptRock, Unveils First FICO-Like Score for Cybersecurity and Compliance

CSTAR Creates First Actionable Score for Businesses and Insurance Carriers to Accurately, Easily Measure Cyber Risk

January 30, 2016

5 Min Read


Tuesday, January 26, 2016 – Mountain View, Calif. – UpGuard (www.upguard.com), formerly ScriptRock (www.scriptrock.com), today unveiled its Cybersecurity Threat Assessment Report (CSTAR), the industry’s first and only comprehensive and actionable cybersecurity preparedness score for enterprises. UpGuard’s CSTAR is a FICO-like score that allows businesses to measurably understand the risk of data breaches and unplanned outages due to misconfigurations and software vulnerabilities, while also offering insurance carriers a new standard by which to more effectively assess risk and compliance profiles.

Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption and network damage; however, many companies forego available policies due to perceived high cost and uncertainty that their organizations will suffer an attack. With CSTAR, insurance carriers can make smarter underwriting decisions while accelerating the availability of comprehensive and cost-effective cybersecurity insurance policies for businesses.

“It’s impossible for businesses to get a clear picture of their systems – and put simply, they can’t even begin to fix what they don’t understand. That shortcoming has led to many high-profile data breaches making headlines and has also left the bulk of the global economy uninsured,” said Mike Baukes, co-CEO and co-founder of UpGuard. “CSTAR aims to be the standard upon which companies re-evaluate security practices and for insurance carriers to sharpen evaluation methods and broaden coverage policies.”

Introducing The First Comprehensive, FICO-Like Standard For Cybersecurity

UpGuard’s expertise in configuration anomaly and vulnerability detection allows for a complete picture of an organization’s cybersecurity preparedness. An organization’s CSTAR represents a company’s aptitude in the areas of compliance, integrity and security across all servers, network devices and cloud applications. UpGuard customers can trace changes in their CSTAR evaluation down to the smallest building blocks of information technology and use the full report to then remediate potential risks, creating a safer environment for customer data and lowering insurance costs. Thousands of customers worldwide already use UpGuard’s technology to validate mission-critical infrastructure and continuously detect potential risks.

The CSTAR reflects three distinct assessment categories:

·  Compliance measures an organization’s ability to maintain its systems in a resilient state. A high score in this category indicates the organization ensures their servers, network devices, and cloud services are maintained properly and correctly configured.

·  Integrity measures an organization’s ability to determine whether changes are authorized or unauthorized. UpGuard documents every change within its auditable system of record, then performs a number of policy-based checks to determine how many of those changes are expected.

·  Security measures an organization’s ability to detect and remediate vulnerabilities. UpGuard maintains an updated database of information about known software vulnerabilities from top security organizations, as well as integrates with multiple vulnerability assessment tools, to determine which systems and software packages may be at risk. The number and severity of vulnerabilities, along with the frequency of scans, determine this category’s score.

Just as FICO became a global standard for measuring risk in the financial industry through establishing an accurate and reliable number lenders trust to make credit decisions, UpGuard envisions a similar path for CSTAR to be the single score for measuring risk that insurance providers and businesses alike rely on to make cyber risk decisions.

“The market for cyberinsurance is still developing, because the risks underlying the coverage are difficult to quantify from an actuarial standpoint. With no standard set of actuarial tables, insurers are often left to their own underwriting standards and creativity when offering cyberinsurance policies. The lack of actuarial data and the diversity of IT risks that are not presently covered, as well as the increased price, make cyberinsurance less desirable to companies seeking coverage,” notes Gartner, Inc. in Understanding When and How to Use Cyberinsurance Effectively, John A. Wheeler, March 12, 2015.

Giving Rise To The Cybersecurity Insurance Industry

The White House expects by 2020 for cybersecurity insurance to be as common as product liability coverage and other basic policies – and yet, only a few dozen insurers globally currently offer it. UpGuard has worked with major industry players, including CRC Insurance Services, Inc. and Corona Underwriters, to deeply understand challenges unique to the underwriting and decision-making process. Rather than write policies based on ballpark estimates or conjecture, CSTAR enables carriers to measure cyber risk for companies at an individualized operational level, and write policies based on concrete security data. It provides a much-needed industry standard that allows carriers to finally understand cybersecurity risk and to act on that information.

“UpGuard takes an altogether different approach to an issue that’s long hindered the cyber insurance industry. Such an easy-to-understand score and scalable solution will greatly enhance our ability to assess the cybersecurity of our clients,” said Garrett Koehn, president, Northwestern Region for CRC Insurance Group, a leading commercial insurance wholesaler.

To see how it works, or to get your CSTAR rating, visit www.upguard.com.

About UpGuard

UpGuard is the company behind CSTAR, the world’s only comprehensive and actionable cybersecurity preparedness score for enterprises. The FICO-like score allows businesses to understand the risk of breaches and unplanned outages due to misconfigurations and software vulnerabilities. It also offers insurance carriers a new standard by which to effectively assess client risk and compliance profiles. Thousands of companies, including ADP, E*TRADE and Cisco Systems, use UpGuard to validate infrastructure, continuously detect risks and procure cybersecurity insurance. UpGuard is headquartered in Mountain View, CA with offices in Portland, OR. To see how UpGuard works, or to get your CSTAR rating, visit www.upguard.com.

Subscribe to the UpGuard blog: www.upguard.com/blog

Follow UpGuard on Twitter: @UpGuard

Follow UpGuard on LinkedIn: www.linkedin.com/upguard

Follow UpGuard on Facebook: www.facebook.com/upguard

Media Contact

Jane Hainze



Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights