What are examples of low, medium, high and critical Risk Signals?

Created by Charley Downey, Modified on Fri, 22 Mar at 12:54 PM by Charley Downey

The Risk Signals in our report are based on four criticality ratings. These categories are part of our assessment criteria and indicate how at risk a company is to a cyber attack.


Critical - A cybersecurity issue has been identified that requires immediate attention due to the high level of exposure and potential impact on the company. Critical issues indicate that an attack has already happened, is ongoing or is highly likely, such as a company that was ransomed, very recently hacked employee devices, open databases, and servers that could be vulnerable to ‘zero-day’ vulnerabilities.


High - A cybersecurity issue that is less urgent than ‘critical’, but still of concern and should be investigated due to the high level of exposure and potential impact, such as high-risk open services or recent stolen employee or customer login credentials.


Medium - A cybersecurity concern that requires attention but is less urgent. The potential impact isn’t as threatening, and the level of exposure isn’t as high, such as medium-risk vulnerabilities, low-risk open services or a small number of leaked data records.


Low - A cybersecurity concern that poses a low risk and should be noted but may not require attention. The potential for impact is low, and it doesn’t indicate that an attack is likely at this stage, such as a small volume of leaked employee records or low-risk vulnerabilities.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article