Overview
UpGuard is a cyber risk posture management (CRPM) software platform serving enterprises, financial services firms, and insurance providers. The platform provides unified visibility across vendor supply chains, external attack surfaces, workforces, and customer trust relationships, enabling security teams to identify and remediate exposure before breaches occur.
The CRPM platform is delivered as SaaS and integrates an AI engine -- AI GRID (Global Risk Inference Domains) -- that processes billions of signals using autonomous agents across four risk domains. The platform includes five core modules: Vendor Risk for third-party risk management, Breach Risk for external attack surface monitoring, User Risk for workforce identity and shadow IT visibility, Trust Exchange for security posture sharing, and Risk Automations for API-driven remediation workflows. The company also operates CyberResearch, a fully managed third-party risk monitoring service.
Founded in 2012 by Mike Baukes, UpGuard serves over 45,000 companies globally, including ADP, E*TRADE, Cisco Systems, and Chemist Warehouse. The company raised a USD 75M round in February 2026 (led by Springcoast Capital Partners), bringing total funding to USD 121M. Strategic investor IAG Firemark Ventures -- the corporate VC arm of Australia's largest general insurer -- holds a stake and partners with UpGuard on insurance-focused cyber risk use cases. The CSTAR cybersecurity preparedness score is used by wholesale insurance firms including CRC Insurance Services.
Products & Services
Vendor Risk
Continuous third-party risk management platform for assessing and monitoring vendor ecosystems. Provides automated security questionnaires, vendor discovery, onboarding workflows, and real-time risk scoring across supplier portfolios.
Key Features
- Automated security questionnaire workflows
- Continuous vendor monitoring and risk scoring
- Vendor discovery and onboarding automation
Target Users: Enterprise security teams, procurement, risk officers
Breach Risk
External attack surface management (formerly BreachSight) that monitors an organization's digital footprint for security vulnerabilities, data leaks, and brand risks across website, email, network, phishing, and malware exposures.
Key Features
- Continuous external attack surface scanning
- Data leak detection across the open web
- Brand protection monitoring
Target Users: Security operations, CISOs
User Risk
Human risk management module providing visibility into shadow IT, workforce identity risks, and risky user behaviors. Generally available September 2025.
Key Features
- Shadow IT discovery
- Workforce identity risk scoring
- Policy governance and enforcement
Target Users: IT security, compliance teams
Trust Exchange
Questionnaire automation and trust center portal enabling organizations to share their security posture with partners, customers, and auditors, reducing repetitive assessment workloads. Generally available November 2025.
Key Features
- Shared security posture portal
- Automated questionnaire responses
- Partner/auditor access management
Target Users: Security teams, vendor management, compliance
Risk Automations
API-driven risk discovery and remediation workflows launched January 2026, reducing remediation time from hours to seconds.
Key Features
- Automated risk discovery
- API-driven remediation triggers
- Workflow integrations with enterprise systems
Target Users: Security engineers, DevSecOps
CSTAR
Cybersecurity preparedness score used by enterprises and insurance providers to assess and benchmark cyber risk levels. Used by wholesale insurance firms for underwriting decisions.
Key Features
- Standardized cyber risk scoring
- Insurance underwriting support
- Benchmarking across industries
Target Users: Carriers, brokers, risk underwriters
CyberResearch
Fully managed third-party risk monitoring service with expert analysts providing continuous monitoring for data leaks and instant notification of exposures.
Key Features
- 24/7 expert analyst monitoring
- Data leak detection and notification
- Managed vendor risk reporting
Target Users: Organizations without in-house security resources
At a Glance
- Founded
- 2012
- Headquarters
- Mountain View, California, USA
- Employees
- 201-500
- Funding
- Series C+ (USD 121M total raised)
Category & Focus
- Category
- Specialty Solutions
- Subcategories
- Vendor Risk Management Attack Surface Management Human Risk Management Cyber Risk Scoring
- Insurance Verticals
- P&C Commercial Specialty/E&S
- Target Customers
- Carriers, Brokers, Enterprises
Customers
- ADP
- E*TRADE
- Cisco Systems
- Chemist Warehouse
- St John WA
- Anglo-Eastern
- CRC Insurance Services (insurance underwriting use case)
Similar Companies
-
RobinAPI-driven travel insurance assistance and claims platform for carriers, MGAs, and enterprise clients -
RRoostSmart home telematics and IoT solutions that help property insurers prevent claims and protect policyholders.
-
RiskwolfIf you can measure it. You can insure it. -
SS4 AgtechAgricultural risk analytics platform using satellite data for parametric insurance and crop monitoring.
-
Leadenhall AsiaDigital MGA and Lloyd's Coverholder delivering cloud-based insurance distribution technology for the Asia Pacific market. -
Re-Sure Inc.On-demand, embedded, and parametric insurance solutions powered by blockchain and API-first technology.
Last updated: 2026-04-09