Understanding and managing cyber risks is critical for business success in today's digital landscape. Cyber Risk Compare empowers you with actionable insights to protect your organisation by comparing the cyber risk of your suppliers or competitors.
Our platform makes cyber risk analysis effortless. Simply search for a domain name or organisation, and we will scan and profile it for potential cybersecurity vulnerabilities. Each vulnerability is assessed for its potential impact and likelihood using the Cyber Risk Quantification process developed by Cyber Tzar. This process delivers a clear and comprehensive Cyber Risk Score to allow you to compare up to six organisations (up to many thousands in the platform itself).
We gather this data using Open Source Intelligence (OSINT), publicly available information from external-facing web applications, websites, and infrastructure, and from other external data sources on breach checks, companies' house, and security accreditation sites.
Inspired by the visionary work of Brewster Kahle and Bruce Gilliat at Alexa Internet, Cyber Security Compare builds on their legacy by providing cutting-edge tools for today’s cybersecurity challenges.
Cyber Risk Compare from Cyber Tzar: the Enterprise Supply Chain Risk Management platform.
Please note: Learn more about OSINT and Alexa Internet on Wikipedia. Links open in new tabs.
| No. ▲ | Collection |
|---|---|
| 1 | UK Premier League Football Clubs |
| 2 | UK Major Government Suppliers |
| No. ▲ | Collection |
|---|---|
| 1 | UK Political Parties |
| 2 | UK Academic Institutions |
| No. ▲ | Domain | Organisation |
|---|---|---|
| 1 | dxc.com | |
| 2 | lockheedmartin.com | Lockheed Martin |
| 3 | get-nourished.com | Get Nourish3d |
| 4 | liverpool.ac.uk | |
| 5 | no5.com | No5 Barristers' Chambers |
| No. ▲ | Domain | Organisation |
|---|---|---|
| 1 | facebook.com | |
| 2 | youtube.com | Youtube |
| 3 | google.com | |
| 4 | twitch.tv | Twitch |
| 5 | reddit.com | Reddit, Inc. |
| No. ▲ | Industry | Average Score |
|---|---|---|
| 1 | Fund Raising | 848.00 |
| 2 | Government Relations | 837.75 |
| 3 | Business Supplies And Equipment | 821.00 |
| 4 | Outsourcing/Offshoring | 817.20 |
| 5 | International Affairs | 817.00 |
| 6 | Venture Capital & Private Equity | 807.33 |
| 7 | Mental Health Care | 805.50 |
| 8 | Museums And Institutions | 800.00 |
| 9 | Investment Banking | 799.00 |
| 10 | Furniture | 797.50 |
| No. ▲ | Industry | Average Score |
|---|---|---|
| 1 | Arts And Crafts | 658.00 |
| 2 | Railroad Manufacture | 670.33 |
| 3 | Cosmetics | 682.00 |
| 4 | Sporting Goods | 684.50 |
| 5 | Individual & Family Services | 688.00 |
| 6 | Public Safety | 692.00 |
| 7 | Computer Networking | 698.50 |
| 8 | Civic & Social Organization | 704.00 |
| 9 | Shipbuilding | 705.40 |
| 10 | Civil Engineering | 709.00 |
| No. ▲ | Issue | Risk Family | Risk Group | Potential Impact Severity | Likelihood Probability | Count |
|---|---|---|---|---|---|---|
| 1 | Base64 Disclosure | Information Disclosure | 24 | Very Low Personal Data (Privacy) impact | Unlikely | 485,470 |
| 2 | Retrieved from Cache | Information Disclosure | 24 | Very Low Personal Data (Privacy) impact | Unlikely | 415,005 |
| 3 | Sec-Fetch-User Header is Missing | Web Security | 25 | Very Low Cyber Attack (Technical) impact | Rare/Remote | 381,757 |
| 4 | Storable and Cacheable Content | Web Security | 24 | Very Low Cyber Attack (Technical) impact | Unlikely | 375,831 |
| 5 | Insufficient Site Isolation Against Spectre Vulnerability | Web Security | 8 | High Cyber Attack (Technical) impact | Possible | 306,344 |
| 6 | X-Content-Type-Options Header Missing | Web Security | 18 | Low Cyber Attack (Technical) impact | Possible | 258,731 |
| 7 | Timestamp Disclosure - Unix | Information Disclosure | 24 | Very Low Personal Data (Privacy) impact | Unlikely | 251,675 |
| 8 | Strict-Transport-Security Header Not Set | Web Security | 14 | Low Cyber Attack (Technical) impact | Likely | 250,054 |
| 9 | Sub Resource Integrity Attribute Missing | Web Security | 6 | Medium Cyber Attack (Technical) impact | Very Likely | 211,751 |
| 10 | Cross-Domain JavaScript Source File Inclusion | Cross-Site Scripting (XSS) | 13 | Medium Cyber Attack (Technical) impact | Possible | 136,573 |
| No. ▲ | Issue | Risk Family | Risk Group | Potential Impact Severity | Likelihood Probability | Count |
|---|---|---|---|---|---|---|
| 1 | Insufficient Site Isolation Against Spectre Vulnerability | Web Security | 8 | High Cyber Attack (Technical) impact | Possible | 306,344 |
| 2 | Strict-Transport-Security Header Not Set | Web Security | 14 | Low Cyber Attack (Technical) impact | Likely | 250,054 |
| 3 | Sub Resource Integrity Attribute Missing | Web Security | 6 | Medium Cyber Attack (Technical) impact | Very Likely | 211,751 |
| 4 | Cross-Domain JavaScript Source File Inclusion | Cross-Site Scripting (XSS) | 13 | Medium Cyber Attack (Technical) impact | Possible | 136,573 |
| 5 | Cross-Domain Misconfiguration | Cross-Origin Resource Sharing (CORS) | 8 | High Cyber Attack (Technical) impact | Possible | 72,886 |
| 6 | Insufficient Site Isolation Against Spectre Vulnerability | Web Security | 8 | High Cyber Attack (Technical) impact | Possible | 54,486 |
| 7 | Insufficient Site Isolation Against Spectre Vulnerability | Web Security | 8 | High Cyber Attack (Technical) impact | Possible | 53,853 |
| 8 | Server Leaks Version Information via "Server" HTTP Response Header Field | Information Disclosure | 14 | Low Personal Data (Privacy) impact | Likely | 52,953 |
| 9 | CSP: Failure to Define Directive with No Fallback | Content Security Policy (CSP) | 14 | Low Cyber Attack (Technical) impact | Likely | 37,547 |
| 10 | CSP: style-src unsafe-inline | Content Security Policy (CSP) | 13 | Medium Cyber Attack (Technical) impact | Possible | 35,891 |