Freshly Funded Startup Grades Fortune 500 on Cyber Risk ‘Credit Scores’

The company just raised millions.

When insurers are determining whether to cover a house, they typically require an inspector to come do a walkthrough. The checkup helps underwriters assess what level of risk they’re taking on, and to draft policies accordingly.

UpGuard (née ScriptRock), a startup based in Mountain View, Calif., offers the digital equivalent of such evaluations for the cybersecurity market. The company’s tech has two components: One that crawls the public web and appraises an organization’s external digital risk factors (currently free of charge), and a second that searches inside a company to rate the quality of its internal system configurations and software (paid).

The firm then spits out reports and FICO-like “credit scores”—on a scale from zero to 950—representing snapshots of a client’s cyber risk.

Get Data Sheet, Fortune’s technology newsletter.

UpGuard will announce a $17 million Series B fundraising round on Thursday, Fortune has learned. The round is co-led by new investor Pelion Venture Partners and existing investor Square Peg Capital with participation from Insurance Australia Group and existing investors, including Valar Ventures and August Capital.

“We give people simple overarching score to communicate risk in a consistent fashion,” says Mike Baukes, co-founder and co-CEO. Baukes started the company with his co-founder, Alan Sharp-Paul, in 2012 after the two had spent years in the financial services industry—predominantly involving compliance governance around M&A activity with large banks—in Australia and the United Kingdom.

“We went to lot of really bad meetings together and got angry together,” Sharp-Paul puts it bluntly. As the world grew more connected and the breaches became more frequent, “it became progressively harder for companies to trust what they have,” he says. So the pair got to work building a solution.

UpGuard has about 100 customers to date, including ADP,Home Depot HD 0.49% , Williams-Sonoma WSM 0.69% , Cisco CSCO 0.13% , Rackspace RAX -0.61% , Allianz, and the New York Stock Exchange. About 15 of those customers have signed up for the company’s “cybersecurity threat assessment reports” in addition to its regular internal assessments.

Christophe Attias, director of operations at Amadeus, a Spanish IT provider for the airline industry, tells Fortunethat his company began using UpGuard to help manage and monitor IT system configuration issues in 2014. (The need for such supervision is underscored by Delta’s DAL -0.81% recent days of flight delays and cancellations.) Amadeus is now in talks to start receiving UpGuard’s security-scanning reports.

Garrett Koehn, president at CRC Insurance, one of the largest wholesale insurance brokers in the United States, tells Fortune that he uses the product to get a glimpse of prospective customer’s security postures. “I can ping, like a hacker does, and effectively look for vulnerabilities to webpages,” he says. At a glance, “that allows us to quickly and easily score companies,” he adds.

The cyber insurance market it heating up. Analysts expect it to hit $7.5 billion by 2020, according to PwC. UpGuard’s competitors include BitSight and Security Scorecard on the security assessment side, and Evolven on the IT configuration side.

Fortune asked Upguard to crunch some numbers on the companies topping this year’s Fortune 500 list. Here’s whatexternal assessments look like for the leaderboard. (Cyber risk score—from zero to 950—in parentheses; higher is better.)

  1. Wal-Mart WMT -2.01% (783)
  2. Exxon Mobil XOM -1.25% (523)
  3. Apple AAPL 0.26% (877)
  4. Berkshire Hathaway BRK.A -0.07% (228)
  5. McKesson MCK -0.30% (304)
  6. UnitedHealth Group UNH -0.09% (362)
  7. CVS Health CVS -0.19% (339)
  8. General Motors GM 0.89% (439)
  9. Ford Motor F 0.49% (430)
  10. AT&T T -0.94% (689)


The data breach risk scores above are based on about 2,000 publicly available data points, according to a document explaining UpGuard’s methodology, shared with Fortune.These include things like making sure the company encrypts traffic with strong ciphers, uses up-to-date software, has valid certificate authorities, applies phishing protections, and keeps employees happy (as determined through sentiment analysis).

The companies with the best scores on the Fortune 500 areAlphabet GOOG -0.27% (931), UPS UPS 0.07% (929), USAA USAA 0.00% (908), Commercial Metals CMC -2.57% (884), S&P Global (884), and J.P. MorganChase JPM -0.14% (881).

UpGuard’s founders stress, unsurprisingly, that the company’s paid internal scans provide an even better indication of a company’s resilience to electronic thievery. The point, says Baukes, is to “understand, discover, and control what you have.”

“And more importantly to fortify it,” he adds.

Read the full article in fortune