What is Cyber Exposure Index

In this digitalized world we live in, data is the new currency and driver for all businesses. This change in business landscape presents new risks and threats to be remediated. Cyber Exposure Index is the first step in this remediation and mitigation process by identifying existing threats and making them transparent.

The Cyber Exposure Index is based on data collected from publicly available sources in the dark web, deep web and data breaches. From that data, signs of sensitive disclosure, exposed credentials and hacker group activity against a company are identified. Companies are ranked based on the number of findings and the risk that the findings represent.

Exposed Information


In today’s digital age, our interactions with technology frequently generate a digital footprint, which includes logs and data traces. This data, whether intentionally or unintentionally leaked by individuals, exploited by hostile actors, or exposed due to system flaws, contributes to what is known as ‘Cyber Exposure’. This term refers to any exposed information and digital assets associated with individuals or companies that, if misused, would be harmful to them.

Sensitive and Exploitable data


The Cyber Exposure Index gives a clear and easy measure of a company’s Cyber Exposure, which is divided into 12 types of sensitive and exploitable data.

  • Cleartext Passwords
  • Encrypted Passwords
  • Data Breach
  • Black Markets
  • Discussions
  • Internal Malware
  • External Malware
  • Source Code
  • Email Content
  • Targeting Lists
  • IT Infrastructure Information
  • Other

Measuring Cyber Exposure


A company’s Cyber Exposure is expressed in two ways; the Exposure Difference and the Exposure Similarity. Both scores compare the company to its industry but provide distinct insights.

Exposure Difference


This score compares a company’s overall exposure level to the exposure level of its industry. The company’s Exposure Difference is determined by calculating the ratio of its total exposure records to its employee count, and comparing this to the equivalent ratio in its industry. This comparison uses a logarithmic scale. 

Exposure Similarity


The Exposure Similarity compares the company’s Cyber Exposure profile, which include the 12 data types, to the profile of its industry. The score ranges from 0 to 100%, with 0% indicating no similarity and 100% indicating that the profiles’ exposure category proportions are identical. 

This metric aids in determining how closely two exposure profiles are related. Two companies in the same industry with similar exposure profiles will confront similar cybersecurity challenges or threats. A low similarity, on the other hand, suggests very different cyber risk landscapes. 

Cyber Threat increase


Cyber Exposure poses significant risks, particularly when exploited by threat actors. As Cyber Exposure increases, so does the potential for Cyber Threats. 

Examples of threats for individuals:

  • Unauthorized access to multiple accounts 
  • Sophisticated phishing campaigns
  • Identity theft 

Examples of threats for companies:

  • Internal network infiltration 
  • Ransomware attacks 
  • Unauthorized transactions

Security Measures


Understanding and managing Cyber Exposure is vital in safeguarding against cybersecurity threats. The index does not provide a direct measure of a company’s actual risk because it does not account for any existing security measures. It is however a timely reminder of the significance of cybersecurity. 

Financial Impact


The security of a company’s information and assets is more than just an IT concern in a world where data breaches are commonplace and costly. Cybersecurity is a critical aspect that can have a considerable impact on the company’s financial stability and shareholder value. Ignorance can lead to losses or jeopardize the company’s existence.