cyberriskanalytics.com

What It Is

Cyber Risk Analytics (CRA), provided by Risk Based Security, is positioned as a platform for data breach intelligence, leaked credential monitoring, third-party risk management, and PreBreach risk ratings. It is not a traditional firewall, EDR, or WAF. Instead, it continuously collects and analyzes data breach incidents, internet exposure, and digital hygiene indicators to help organizations assess potential cyber risk across themselves and their supply chain.

Core Capabilities and Protection Types

The platform emphasizes “actionable” threat intelligence. Its data breach database is updated daily, and the source material states that it covers more than 81,130 data breach incidents, tracking metadata such as industry, breach type, threat vector, data type, geography, cost, and more. The PreBreach five-star rating uses a proprietary passive assessment process to evaluate an organization’s external internet-facing security posture and predict the likelihood of future data breaches. Leaked credential monitoring can detect exposed credentials associated with corporate email domains, reducing the risk of unauthorized access caused by password reuse.

Deployment, Management, and Integrations

Deployment is primarily through a SaaS portal, making it suitable for security teams conducting searches, research, and continuous monitoring. From a management perspective, CRA supports vendor due diligence, ongoing monitoring, supply-chain data breach notifications, and leaked credential alerts for email domains. Its integration options are relatively clear: it offers a RESTful API and CSV exports, enabling connection to GRC, ITIL, CMDB, SIEM tools, or existing workflows. This makes it a good fit for mature enterprise risk management processes.

Pricing and Compliance

The website does not disclose specific pricing, plans, usage limits, or trial terms. It only states that users can request a demo and evaluation account, while subscription purchases require contacting RBS for licensing and signing a License Agreement. Before procurement, buyers should carefully confirm data coverage, API call limits, the number of vendors that can be monitored, alert frequency, support level, and contract terms. The source material does not provide information on compliance certifications such as SOC 2, ISO 27001, or GDPR, nor does it mention data residency or SLA commitments.

Pros, Cons, and Who It’s For

Its strengths include broad data breach intelligence coverage, rich metadata fields, and the ability to combine breach events, leaked credentials, vendor monitoring, and insurance risk analysis in one platform. It also provides clear support for cyber insurance underwriting, actuarial modeling, and portfolio management. Its limitations include the proprietary nature of the rating algorithm, which reduces transparency. The terms also state that content is provided “as is” and is not guaranteed to be accurate, complete, or up to date. CRA is best suited for mid-sized to large enterprises that care about third-party risk, supply-chain exposure, insurance underwriting, and prioritizing security investments. Smaller organizations can also use it for vendor assessment, but should weigh the cost carefully.

Access in China and Alternatives

The source material does not provide information about access from mainland China, payment methods, Chinese-language support, or local deployment. Before using it in practice, organizations should test connectivity to the SaaS portal and API, and confirm cross-border data transfer and compliance requirements. If access from China is limited or procurement is inconvenient, it may be worth evaluating international alternatives such as SecurityScorecard, BitSight, Recorded Future, UpGuard, and RiskRecon, or choosing local threat intelligence, vendor risk management, dark web monitoring, and leaked credential monitoring services.