Vulnerability Severity Ratings



Vulnerability   Severity Level   Score Range   Exposure Score   Credibility   Urgency
Beyond high     Critical         9.0-10.0      300+             5             1.0
High            High             7.0-8.9       200-300          3-4           0.8-0.9
Moderate        Medium           4.0-6.9       100-200          2-3           0.5-0.7
Basic           Low              0.1-3.9       0-100            1-2           0.2-0.4
No rating       None             0.0           0                0             0.0






Cybervulnerability score



In today's digitalized world, data is the new currency and the driver for all businesses. This change in the business landscape presents new risks and threats to be remediated. The Cybervulnerability index is the first step in this remediation and mitigation process: it identifies existing threats and makes them transparent.
The Cybervulnerability index is based on data collected from publicly available sources in the dark web, deep web and data breaches. From that data, signs of sensitive disclosure, exposed credentials and hacker group activity against a company are identified. Companies are ranked based on the number of findings and the risk that the findings represent.







Autolycus Score Level



Accumulated risk reflects the sum total of indicated risk (shown in the first graph) over the course of the preceding 12 months. For comparisons of different organisations, we also use a cyber exposure score that is calculated by dividing indicated risk by the number of the organisation's employees.



300+
  • Score: Extreme Exposure. Typically the organisation has already been breached at this level.
  • Risk: Compliance, reputation & operative
  • Recommendation: Conduct immediate asset discovery, vulnerability management and exposure assessment. Start incident response procedures and perform follow-ups. Immediately notify data protection and compliance officers and prepare for crisis communications.
200-300
  • Score: Very High Exposure. Typically the organisation has either been breached, or hacker groups are actively targeting it.
  • Risk: Compliance, reputation & operative
  • Recommendation: Conduct immediate asset discovery, vulnerability management and exposure assessment. Immediately notify data protection and compliance officers and prepare for crisis communications.
100-200
  • Score: High Exposure. Typically the organisation has a large amount of exposed clients, accounts and data at this level.
  • Risk: Compliance & operative (emerging risks like phishing and targeted attacks)
  • Recommendation: Conduct immediate asset discovery, vulnerability management and exposure assessment. Notify data protection and compliance officers.
0-100
  • Score: Moderate Exposure. Typically the organisation has a moderate amount of exposed clients, accounts and data at this level.
  • Risk: Compliance & operative
  • Recommendation: Conduct exposure assessment to discover the exposure’s content and impact. Immediately notify data protection and compliance officers.
0
  • Score: Low Exposure. Typically the organisation has no automatically identified exposure risks. Some organisations usually discover exposure by using a wider range of search criteria.
  • Risk: Compliance
  • Recommendation: Conduct exposure assessment if there are unidentified events matching the given domain names. We advise monitoring the organisation’s cyber exposure as well as personal accounts. We provide a free tool, Hacker for Business, for this purpose.