The Risk Signals in our report are based on four criticality ratings. These categories are part of our assessment criteria and indicate how at risk a company is to a cyber attack.
Critical - A cybersecurity issue has been identified that requires immediate attention due to the high level of exposure and potential impact on the company. Critical issues indicate that an attack has already happened, is ongoing or is highly likely, such as a company that was ransomed, very recently hacked employee devices, open databases, and servers that could be vulnerable to ‘zero-day’ vulnerabilities.
High - A cybersecurity issue that is less urgent than ‘critical’, but still of concern and should be investigated due to the high level of exposure and potential impact, such as high-risk open services or recent stolen employee or customer login credentials.
Medium - A cybersecurity concern that requires attention but is less urgent. The potential impact isn’t as threatening, and the level of exposure isn’t as high, such as medium-risk vulnerabilities, low-risk open services or a small number of leaked data records.
Low - A cybersecurity concern that poses a low risk and should be noted but may not require attention. The potential for impact is low, and it doesn’t indicate that an attack is likely at this stage, such as a small volume of leaked employee records or low-risk vulnerabilities.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article