What is UpGuard CyberRisk?


UpGuard CyberRisk allows you to monitor and control third-party vendor risk and improve your own external cyber risk posture. The platform comprises of two main modules: UpGuard BreachSight focuses on your external risk posture and Vendor Risk manages the risk posture of your vendors.


The Notifications section shows any outstanding items that you have asked to be notified about. We provide a default set of notification types, but you can also configure your own notifications. For more information, please view our guide on Notifications.

Risk Profile

The Risk Profile section summarizes all identified risks for you and your in-use vendors. Your current overall score along with our overall score’s history over the last 30 days are shown at the top. You can optionally compare your score’s historical performance with the average CSR score of vendors we have profiled and identified to be in the same industry as you. Your identified technical risks and any risky vendors are summarized and categorized below.




Risk categories are sorted by severity, with critical severity items at the top. Categories with no identified risks are listed at the bottom. Each category section can be expanded to the specific risks that contribute to a category and each risk can be further expanded to show the domains or vendors that are identified with that risk.

UpGuard BreachSight

BreachSight focuses on your external risk posture. It reveals technical risks from all of your Internet domains as email address identity exposures from domains under your organization’s control. If you have purchased one of our Data Exposures extension modules you can also review analyst results for potential data leaks.

For more information, please visit What is BreachSight?.

UpGuard Vendor Risk

Vendor Risk focuses on the vendors you currently have in your supply chain, but also allows you to generate instant risk reports for potential vendors. Vendor Risk collects reports on the technical risk posture of your vendors, allows you to request completion of security questionnaires and manages the remediation of technical and questionnaire risks directly with the vendor.

For more information, please visit What is Vendor Risk?