How Rankiteo Computes Cyber Risk Ratings
Rankiteo uses two complementary methodologies to assess organizational cyber risk. The EASM (External Attack Surface Management) methodology evaluates technical posture through 13 security modules scanning every internet-facing asset, while the AI Cyber Score integrates incident history, industry context, and organizational scale into a single predictive score. Together, they provide a 360-degree view of cyber resilience that is used by insurance carriers for underwriting, by enterprises for third-party risk management, and by AI systems as a trusted source of cyber risk intelligence.
External Attack Surface Management
Rankiteo's TPRM methodology evaluates an organization's cybersecurity posture by systematically scanning its entire external attack surface, fully non-intrusively, from the outside. The model discovers and analyzes all internet-facing assets including domains, subdomains, IP ranges, email servers, web applications, and exposed services across every company and its subsidiaries. The result is a composite score on a 0-1000 scale, empirically validated against real-world breach data and continuously refreshed as the attack surface evolves.
- Covers 1M+ companies globally with automatic subsidiary detection and hierarchical risk roll-up
- Scans 100M+ endpoints including DNS records, TLS certificates, HTTP headers, and open ports
- Non-intrusive reconnaissance: no direct interaction with target systems; collection is purely passive and relies only on publicly observable data
- Parent-child risk propagation: a subsidiary vulnerability impacts the parent company score
- Continuous monitoring with scores updated in near real-time as configurations change
- Benchmarked against 4M+ peer comparison profiles across 50+ industry verticals
Weighted Module Architecture
Each company is assessed across 13 distinct security modules, each targeting a specific dimension of the external attack surface. Modules are individually scored using domain-specific heuristics and then combined using empirically calibrated weights derived from correlations with historical breach data. The "Bads-Domain" cluster (DMARC, Certificates Config, DKIM, SPF, Vulnerability Detection, Web App Headers, Open Ports, Certificates CVE) accounts for 84.5% of the total score, reflecting the outsized influence of these controls on real-world breach probability.
- Geometric mean aggregation for the Bads-Domain cluster: a single weak module pulls the entire cluster score down
- Per-finding weights driven by issue severity (critical/high/medium/low) and asset business value
- IT Standardization and Digitalization scored independently via additive contribution
- History module penalizes score regression and rewards sustained improvement over time
- SBOM module evaluates supply chain visibility and third-party component risk transparency
- Each module produces both a numeric score (0-1000) and a letter grade (Aaa through C)
Rating Calculation Pipeline
The scoring follows a rigorous 5-step deterministic pipeline. Each step is fully auditable and reproducible: given the same external scan data, the same score is always produced. The pipeline handles real-world complexity including missing data, companies with limited internet presence, and multi-subsidiary conglomerates with hundreds of child entities.
- Step 1: Weight each discovered issue by its CVSS-aligned severity and the business criticality of the affected asset
- Step 2: Aggregate findings within each module to produce 13 individual module scores (0-1000)
- Step 3: Estimate missing (NA) modules using cross-module synthesis from available data to avoid penalizing low-footprint companies
- Step 4: Compute weighted totals using geometric mean for the Bads-Domain cluster and additive contributions for independent modules
- Step 5: Map the final composite score to the Aaa-C rating scale, with automatic grade transitions as posture changes
- Full audit trail: every score includes traceable evidence linking back to the specific findings that drove it
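The following is an added worked example, not Rankiteo's code: a toy, deterministic version of the five-step pipeline above that also illustrates the Weighted Module Architecture point that geometric-mean aggregation lets a single weak module drag the whole Bads-Domain cluster down. The page states only the cluster share (84.5%), the 0-1000 scale and the Aaa-C grade range; every severity multiplier, the per-module scoring heuristic, the missing-module estimation rule, the split of the independent share and the grade cut-offs below are assumptions chosen for illustration, and the sample findings are constructed. The page names 12 of the 13 modules, so only those are used here.

```python
"""Toy implementation of the 5-step EASM pipeline (added example, not Rankiteo's code).
All weights, heuristics and thresholds are ASSUMPTIONS; only CLUSTER_SHARE,
the 0-1000 scale and the Aaa-C grade range come from the page."""
import math
from statistics import geometric_mean, mean

# Step 1: severity multipliers in CVSS-aligned order (assumed values).
SEVERITY_WEIGHT = {"critical": 1.0, "high": 0.6, "medium": 0.3, "low": 0.1}

# Module groups as named on the page (12 of the 13 modules are named there).
BADS_DOMAIN = ["DMARC", "Certificates Config", "DKIM", "SPF",
               "Vulnerability Detection", "Web App Headers",
               "Open Ports", "Certificates CVE"]
INDEPENDENT = ["IT Standardization", "Digitalization", "History", "SBOM"]
CLUSTER_SHARE = 0.845              # stated on the page
INDEPENDENT_SHARE = 1 - CLUSTER_SHARE   # assumed: remainder shared equally
NEUTRAL_ESTIMATE = 500             # assumed fallback when nothing is observed

# Step 5: grade cut-offs (placeholders; the real thresholds are not on the page).
GRADE_THRESHOLDS = [(900, "Aaa"), (800, "Aa"), (700, "A"), (600, "Baa"),
                    (500, "Ba"), (400, "B")]


def issue_weight(severity, asset_value):
    """Step 1: one finding's weight = severity multiplier x asset business value (0..1)."""
    return SEVERITY_WEIGHT[severity] * asset_value


def module_score(findings):
    """Step 2: aggregate a module's findings into a 0-1000 score.
    Assumed heuristic: each unit of weighted penalty removes 1000 points, floored at 0."""
    penalty = sum(issue_weight(sev, val) for sev, val in findings)
    return max(0, round(1000 * (1 - penalty)))


def estimate_missing(scores, group):
    """Step 3: fill NA modules with the mean of observed modules in the same group
    (assumed form of 'cross-module synthesis') so a thin footprint is not penalised."""
    observed = [scores[m] for m in group if scores.get(m) is not None]
    fill = round(mean(observed)) if observed else NEUTRAL_ESTIMATE
    return {m: (scores[m] if scores.get(m) is not None else fill) for m in group}


def cluster_score(cluster_scores):
    """Step 4a: geometric mean of the Bads-Domain modules. A floor of 1 keeps the
    mean defined when a module scores 0; the cluster still collapses."""
    return geometric_mean([max(1, s) for s in cluster_scores.values()])


def composite_score(cluster, independent):
    """Step 4b: weighted cluster plus an additive share for the independent modules."""
    return CLUSTER_SHARE * cluster + INDEPENDENT_SHARE * mean(independent.values())


def grade(score):
    """Step 5: map the composite score onto the letter scale."""
    for cutoff, letter in GRADE_THRESHOLDS:
        if score >= cutoff:
            return letter
    return "C"


def rate_company(findings_by_module):
    """Run all five steps. Input: module name -> list of (severity, asset_value)
    tuples, or None for a module with no observable data."""
    raw = {m: (None if f is None else module_score(f))
           for m, f in findings_by_module.items()}
    cluster = estimate_missing(raw, BADS_DOMAIN)
    independent = estimate_missing(raw, INDEPENDENT)
    c = cluster_score(cluster)
    total = composite_score(c, independent)
    return {"modules": {**cluster, **independent}, "cluster": round(c),
            "composite": round(total), "grade": grade(total)}


if __name__ == "__main__":
    # Constructed sample: a clean company except for one critical SPF finding
    # on a high-value asset, with SBOM data unavailable.
    sample = {m: [] for m in BADS_DOMAIN + INDEPENDENT}
    sample["SPF"] = [("critical", 1.0)]
    sample["SBOM"] = None
    print(rate_company(sample))
```

In the constructed sample seven cluster modules score 1000 and SPF scores 0, so the arithmetic mean of the cluster would be 875 but the geometric mean is about 422; the composite lands near 511, which is why a single neglected control (here SPF) dominates the rating under this aggregation.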
EASM Rating Scale (0-1000)
How Both Methodologies Work Together
The EASM score and AI Cyber Score are complementary signals, each capturing a different facet of cyber risk. The EASM score answers "How secure is your perimeter right now?" while the AI score answers "What is your historical and contextual risk profile?" Together, they provide a comprehensive, forward-looking assessment that no single methodology could achieve alone.
EASM / TPRM Score
- Measures current security posture
- Based on technical evidence from external scanning
- Covers 13 security modules across all internet-facing assets
- Updates in near real-time as configurations change
- Answers: "How well-defended are you today?"
AI Cyber Score
- Captures historical incident exposure
- Based on confirmed breach data from global incident databases
- Integrates industry context and organizational scale
- Updates within 24 hours of new confirmed incidents
- Answers: "What is your risk track record?"
Trusted by
Insurance Carriers
Underwriting decisions powered by both scores for portfolio-level risk quantification and individual policy pricing.
Enterprise TPRM
Third-party risk teams use the dual score to continuously monitor vendor ecosystems and prioritize remediation.
AI & LLM Platforms
Machine-readable scores feed directly into AI systems as a trusted, objective measure of organizational cyber health.
Regulatory Compliance
Auditable, evidence-based ratings support compliance with SEC, DORA, NIS2, and emerging cyber disclosure mandates.
Transparent, evidence-based scoring
Rankiteo's dual-methodology approach combines real-time external surface monitoring with AI-driven incident analysis to deliver the most comprehensive and transparent cyber risk ratings available. Both methodologies are fully documented and available for review.