Included in all levels of the BreachRisk™ for Business services, the BreachRisk™ Report is a powerful tool for understanding cyber risk and security risk management.
The second level to understanding a company or organization's cyber risks and risk management strategies is the BreachRisk™ Report, which is available quarterly for free when you sign up for a BreachRisk™ for Business account. The BreachRisk™ Report can also be shared securely with other organizations for free through your BreachRisk™ Dashboard. If you are using BreachRisk™ Portfolio services, you can also request that companies in your portfolio share their Report with you.
What's in the Report?
A BreachRisk™ Report adds a first layer of detail to the BreachRisk™ Score with details found from analyzing a company's IT infrastructure. The report contains the various threats that went in to determining a BreachRisk™ Score, providing an accurate representation of potential security threats.
Our cyber risk chart describes these threat vectors with green, yellow, and red to easily identify the risk level. The placement of the markers on the risk chart is based on two things: the likelihood a cyber attacker could successfully breach and the impact to your organization. Using this proven measurement system, the danger rating for an individual threat describes how easily an attacker could exploit it and the nominal danger that could be done.
Consider the Report's threat scatter plot a roadmap or plan of action. A high danger rating means an increased risk. All high and very high risks could indicate the need for immediate action to bolster defense again potential attacks or exploitations. Start improving your security (and your score) by handling the highest risks first.
A threat's danger and likelihood can change over time. One way to decrease a vector's potential threat rating is to enable Penetration Testing, allowing for active testing of existing security measures. Only available for BreachRisk™ for Business Pro level and above.
In addition to the summary of threats and their plotting along the risk management chart, the report contains a summary of the BreachRisk™ Score history and a plain language assessment of positive and aggravating factors to help understand how the score was influenced. The Score History chart allows for a quick understanding of the Score trend, whether security has improved or worsened over time. The plain language assessment, "Factors Influencing Your BreachRisk™ Score" contains non-specific and recommendations for continuing to improve the Score, recommendations are described in such a way as to be comprehensible (if not addressable) by someone without a technical background.
Premium BreachRisk™ for Business subscribers will be able to access past versions of their Report, allowing you to see full Reports and how each component of it has changed over time.
The goal of the BreachRisk™ Report is to provide more information for making smart business decisions when it comes to cyber security. While the specificity is increased from the Score, the Report is meant to be high level and to allow for conversations across company departments. It should allow for understanding even for those without a technical or security background.
Report Sharing
Report access for a new BreachRisk™ for Business customer is restricted until DNS verification can be provided. Learn how to do this and why we require it. Once you have verified ownership of your company's domain, you'll be able to access and share your report.
If you were invited to join BreachRisk™ for Business by a company requesting access to your report, once your account is setup and verified, you'll be able to approve the request in your Data Sharing page. Simply click the link and sign in to visit the Data Sharing page. Once there you'll see a table of active requests, simply approve it and the requesting company will be granted instant access to your Report page.
If you have an existing BreachRisk™ for Business account and would like to invite another company to view your report, you can send them an invitation to join BreachRisk™ for Portfolio using the Data Sharing page. Simply click on the New Sharing Invitation button in the right hand corner of the Active BreachRisk™ Report Shares table. You'll just need a company name and point of contact's email and they'll be able to sign up for a trial version of Portfolio and instantly see your Report.
If you are a BreachRisk™ for Portfolio customer and would like to invite a company in your portfolio to join BreachRisk and share their report with you, please visit our article on how to invite them.
BreachRisk™ Reports contains information that can be considered sensitive. Report information is not shared without the company's permission.