Cygienic Risk Rating System

...Powered by Cygienic vCISO

Research Image



Trusted & Reliable Cybersecurity Risk Ratings From Cygienic. 



Cybersecurity Risk Assessments

Cybersecurity risk assessments are a collection of Algorithmic & Automation assessments that evaluate the security posture of an organization. They provide a quantitative measurement of a company's cybersecurity risk, similar to a credit rating, and can be used by stakeholders such as customers, investors, and insurers to assess an organization's overall risk profile.

Cybersecurity risk assessments are based on a range of factors, including the organization's cyber security controls, financial impacts, vendor risks, compliance & policies, as well as its vulnerability management and cyber hygiene practises. Indicators are becoming increasingly important in the current landscape of frequent cyber-attacks and data breaches, as they can help organizations better understand and manage their risk exposure, and provide a benchmark for comparison with peers in their industry.


Cygienic vCISO Risk Assessments 

The Cygienic vCISO assesses four key cybersecurity risk areas:   

  • Attack Surface Management(ASM): Cyber assessment of internet facing attack surface
  • Financial Risk Quantification: Data breach & cyber attack impact cost analysis 
  • Compliance Risk Management: Regulatory & compliance assessments 
  • Third-Party Risk Management (TPRM): 3rd party vendor risk management and assessments   

Our cybersecurity risk ratings are a reliable and trustworthy source of information for assessing the risk profile of a business. All our ratings are aligned with industry security standards, including the *US Commerce of Trade - Principles For Fair And Accurate Security Ratings, *National Institute of Standards and Technology - NIST NVD CVE and the *Common Vulnerability Scoring System - CVSS V3.0.

By aligning with these established standards, our risk ratings provide a more accurate and objective assessment of your company's security profile. 

Comparable to Rating Agencies & Market Leaders    

Our risk ratings, in terms of accurace and comprehensiveness, are comparable to industry rating agencies and market cybersecurity leaders.


Cygienic vCISO Attack Surface Management (ASM)

Email Security 6 25 11%
Webpage Security 11 36 15%
Data Privacy 8 32 14%
Systems Compromised 5 40 17%
System Vulnerabilities 8 59 26%
Network Open Ports 16 38 17%

Total 55 Probes Max Score 230= [A+]


Cygienic vCISO (ASM) Severity Scores 

0.1 – 3.9     Low 
4.0 – 6.9     Medium
7.0 – 8.9    High
9.0 – 10.0   Critical 



Cygienic vCISO Indicators Grades

% Score 
A+   total points between 93-100%
total points between 85-92%
B+ total points between 79-84%
B total points between 73-78%
C+ total points between 62-72%
total points between 55-61%
D+ total points between 47-54%
D total points between 40-46%
E total points between 00-39%



*U.S Chamber of Commerce - Principles For Fair And Accurate Security Ratings

As security ratings continue to mature, more organizations in the public and private sectors leverage them in making business and risk decisions. As a key piece of a robust security evaluation program, security ratings based on accurate and relevant information are useful tools in evaluating cyber risk and facilitating collaborative, risk-based conversations between organizations. Security rating companies use a combination of data points collected or purchased from public and private sources and proprietary algorithms to articulate an organization’s security effectiveness into a quantifiable measure or score. As these ratings rely in part upon the quality and breadth of the data they use, the variety of sources and the dynamic nature of the environment create risks of producing ratings that can potentially be inaccurate, irrelevant or incomplete. To increase confidence in security ratings, an industry-wide, common approach should: - Promote quality and accuracy in the production of security ratings - Promote fairness in reporting - Include a coordinated process for adjudicating errors or inaccuracies in reported content - Establish guidelines for appropriate use and disclosure of the scores and ratings We believe these principles will promote fairness in reporting and enhance the value of security ratings across all industries.





To arrange a demonstration of our Cygienic vCISO, please reach out to For direct purchase of a Cygienic vCISO subscription, visit


Top Arrow