Control third-party risk and improve your cyber security posture.


UpGuard CyberRisk allows you to monitor and control third-party vendor risk and improve your own external cyber risk posture. The platform comprises of two main modules: BreachSight focuses on your external risk posture and Vendor Risks manages the risk posture of your vendors.


The CyberRisk Dashboard provides a high level summary of all risks and CSR scores across your own assets and the risk posture detected for your vendors.


The Notifications section shows any outstanding items that you have asked to be notified about. We provide a default set of notification types, but you can also configure your own notifications. For more information, please view our guide on Notifications.

The Vendor Breakdown section shows a breakdown of the overall scores of all vendors you are currently monitoring.

Your Score provides a single place to view your overall CSR score, which combines all risk scoring detected with your external assets as well as any technical and questionnaire based risks identified with your in-use vendors. The score change indicator shows how much your score has varied between 30 days ago and now. The chart also shows a daily increment of how your overall score has trended over that 30 day period.

Risk Profile

The Risk Profile section summarizes all identified risks for you and your in-use vendors. Your current overall score along with our overall score’s history over the last 30 days are shown at the top. You can optionally compare your score’s historical performance with the average CSR score of vendors we have profiled and identified to be in the same industry as you. Your identified technical risks and any risky vendors are summarized and categorized below.


Risk categories are sorted by severity, with critical serverity items at the top. Categories with no identified risks are listed at the bottom. Each category section can be expanded to the specific risks that contribute to a category and each risk can be further expanded to show the domains or vendors that are identified with that risk.

  • Critical Severity Risks
  • High Severity Risks
  • Medium Severity Risks
  • Low Severity Risks
  • No Identified Risks


BreachSight focuses on your external risk posture. It provides a accumulation of technical external risks from all of your internet domains as well as any record of email address identity exposures from email addresses from domains under your organization’s control. If you have purchased one of our Data Exposures extension modules you can also review analyst results for potential data leaks.

For more information, please visit What is BreachSight?.

Vendor Risk

Vendor Risk focuses on the vendors you currently have in your supply chain, but also allows you to generate instant external risk reports on potential vendors. Vendor Risk collects reports on the technical risk posture of your vendors, allows you to request completion of security questionnaires and manages the remediation of technical and questionnaire risks directly with the vendor.

For more information, please visit What is Vendor Risk?