Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:00 PM
Dark Reading
Dark Reading
Products and Releases

UpGuard, Formerly ScriptRock, Unveils First FICO-Like Score for Cybersecurity and Compliance

CSTAR Creates First Actionable Score for Businesses and Insurance Carriers to Accurately, Easily Measure Cyber Risk

Tuesday, January 26, 2016 – Mountain View, Calif. – UpGuard (www.upguard.com), formerly ScriptRock (www.scriptrock.com), today unveiled its Cybersecurity Threat Assessment Report (CSTAR), the industry’s first and only comprehensive and actionable cybersecurity preparedness score for enterprises. UpGuard’s CSTAR is a FICO-like score that allows businesses to measurably understand the risk of data breaches and unplanned outages due to misconfigurations and software vulnerabilities, while also offering insurance carriers a new standard by which to more effectively assess risk and compliance profiles.

Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption and network damage; however, many companies forego available policies due to perceived high cost and uncertainty that their organizations will suffer an attack. With CSTAR, insurance carriers can make smarter underwriting decisions while accelerating the availability of comprehensive and cost-effective cybersecurity insurance policies for businesses.

“It’s impossible for businesses to get a clear picture of their systems – and put simply, they can’t even begin to fix what they don’t understand. That shortcoming has led to many high-profile data breaches making headlines and has also left the bulk of the global economy uninsured,” said Mike Baukes, co-CEO and co-founder of UpGuard. “CSTAR aims to be the standard upon which companies re-evaluate security practices and for insurance carriers to sharpen evaluation methods and broaden coverage policies.”

Introducing The First Comprehensive, FICO-Like Standard For Cybersecurity

UpGuard’s expertise in configuration anomaly and vulnerability detection allows for a complete picture of an organization’s cybersecurity preparedness. An organization’s CSTAR represents a company’s aptitude in the areas of compliance, integrity and security across all servers, network devices and cloud applications. UpGuard customers can trace changes in their CSTAR evaluation down to the smallest building blocks of information technology and use the full report to then remediate potential risks, creating a safer environment for customer data and lowering insurance costs. Thousands of customers worldwide already use UpGuard’s technology to validate mission-critical infrastructure and continuously detect potential risks.

The CSTAR reflects three distinct assessment categories:

·  Compliance measures an organization’s ability to maintain its systems in a resilient state. A high score in this category indicates the organization ensures their servers, network devices, and cloud services are maintained properly and correctly configured.

·  Integrity measures an organization’s ability to determine whether changes are authorized or unauthorized. UpGuard documents every change within its auditable system of record, then performs a number of policy-based checks to determine how many of those changes are expected.

·  Security measures an organization’s ability to detect and remediate vulnerabilities. UpGuard maintains an updated database of information about known software vulnerabilities from top security organizations, as well as integrates with multiple vulnerability assessment tools, to determine which systems and software packages may be at risk. The number and severity of vulnerabilities, along with the frequency of scans, determine this category’s score.

Just as FICO became a global standard for measuring risk in the financial industry through establishing an accurate and reliable number lenders trust to make credit decisions, UpGuard envisions a similar path for CSTAR to be the single score for measuring risk that insurance providers and businesses alike rely on to make cyber risk decisions.

“The market for cyberinsurance is still developing, because the risks underlying the coverage are difficult to quantify from an actuarial standpoint. With no standard set of actuarial tables, insurers are often left to their own underwriting standards and creativity when offering cyberinsurance policies. The lack of actuarial data and the diversity of IT risks that are not presently covered, as well as the increased price, make cyberinsurance less desirable to companies seeking coverage,” notes Gartner, Inc. in Understanding When and How to Use Cyberinsurance Effectively, John A. Wheeler, March 12, 2015.

Giving Rise To The Cybersecurity Insurance Industry

The White House expects by 2020 for cybersecurity insurance to be as common as product liability coverage and other basic policies – and yet, only a few dozen insurers globally currently offer it. UpGuard has worked with major industry players, including CRC Insurance Services, Inc. and Corona Underwriters, to deeply understand challenges unique to the underwriting and decision-making process. Rather than write policies based on ballpark estimates or conjecture, CSTAR enables carriers to measure cyber risk for companies at an individualized operational level, and write policies based on concrete security data. It provides a much-needed industry standard that allows carriers to finally understand cybersecurity risk and to act on that information.

“UpGuard takes an altogether different approach to an issue that’s long hindered the cyber insurance industry. Such an easy-to-understand score and scalable solution will greatly enhance our ability to assess the cybersecurity of our clients,” said Garrett Koehn, president, Northwestern Region for CRC Insurance Group, a leading commercial insurance wholesaler.

To see how it works, or to get your CSTAR rating, visit www.upguard.com.

About UpGuard

UpGuard is the company behind CSTAR, the world’s only comprehensive and actionable cybersecurity preparedness score for enterprises. The FICO-like score allows businesses to understand the risk of breaches and unplanned outages due to misconfigurations and software vulnerabilities. It also offers insurance carriers a new standard by which to effectively assess client risk and compliance profiles. Thousands of companies, including ADP, E*TRADE and Cisco Systems, use UpGuard to validate infrastructure, continuously detect risks and procure cybersecurity insurance. UpGuard is headquartered in Mountain View, CA with offices in Portland, OR. To see how UpGuard works, or to get your CSTAR rating, visit www.upguard.com.

Subscribe to the UpGuard blog: www.upguard.com/blog

Follow UpGuard on Twitter: @UpGuard

Follow UpGuard on LinkedIn: www.linkedin.com/upguard

Follow UpGuard on Facebook: www.facebook.com/upguard

Media Contact

Jane Hainze



Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-02
ZNC before 1.8.1-rc1 allows attackers to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
PUBLISHED: 2020-06-02
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a us...
PUBLISHED: 2020-06-02
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.