UpGuard - Comprehensive Analysis Report

Summary

UpGuard is a leading cybersecurity firm established in 2012, initially known as ScriptRock. The company's core mission is to empower organizations to proactively manage and mitigate technology-related risks, thereby enhancing data security and building trust in the complex digital landscape. UpGuard positions itself as a leader in cyber resilience, primarily focusing on third-party risk management and attack surface management. Its comprehensive platform helps businesses identify, assess, and remediate cybersecurity risks across their vendor ecosystem, attack surface, workforce, and trust relationships. The company is headquartered in Mountain View, California, with additional offices in Sydney, Australia, and Delhi, India.

1. Strategic Focus & Objectives

Core Objectives

UpGuard's main business objectives revolve around providing a sophisticated, cloud-based platform for third-party risk management. The company aims to enable businesses to effectively identify, assess, and remediate cybersecurity risks within their extensive vendor ecosystems, across their attack surface, with their workforce, and through their various trust relationships.

Specialization Areas

UpGuard specializes in delivering an integrated risk platform that unifies cyber risk management across the vendor supply chain, attack surface, and human workforce. Its unique value proposition lies in combining third-party security ratings, security assessment questionnaires, and threat intelligence capabilities to offer businesses a holistic view of their risk exposure. The platform incorporates configuration management, automated security questionnaires, data leak detection, and vulnerability management.

Target Markets

UpGuard primarily targets large enterprises across diverse industries, including financial services, technology, and healthcare. The company has a concentrated focus on markets in North America, Europe, and Asia-Pacific, with its customer base strongest in cybersecurity, third-party risk management (TRM), and collaboration sectors.

2. Financial Overview

Funding History

UpGuard has raised a total of $46.3 million across five funding rounds. This includes two Seed rounds and three Early-Stage rounds.

• Date and amount: The most recent funding was a Series B round on June 07, 2021, securing $19.3 million (equivalent to AUD 25 million).

• Key investors: Notable institutional investors include Pelion Venture Partners, August Capital, IAG (Insurance Australia Group), Valar Ventures, 500 Global, Startmate, NeoXam, SecondQuarter Ventures, Firemark Ventures, and Square Peg Capital.

• Fund utilization: The capital raised is allocated to accelerate product development and support the company's global expansion initiatives.

• Impact on company growth: Since its last funding round in 2016, UpGuard has experienced significant growth, with sales increasing by nearly 129% year over year and new customer acquisition growing by over 179% in 2020 alone.

3. Product Pipeline

Key Products/Services

UpGuard offers an integrated Cyber Risk Posture Management (CRPM) platform that unifies various aspects of cyber risk.

• CRPM Platform (Core offering):

• Description: A comprehensive suite designed to unify cyber risk management across an organization's vendor supply chain, attack surface, and human workforce. It combines comprehensive security ratings, instant risk assessments, templated security questionnaires, and threat intelligence capabilities.

• Development Stage: Actively developed with continuous enhancements and new AI-powered features.

• Target Market/Condition: Organizations seeking a consolidated view of risk to proactively defend against modern cyber threats, particularly those with lean security teams.

• Key Features and Benefits: Offers a unified view of risk, automates responses, reduces manual processing, and provides compliance assurance.

• Breach Risk:

• Description: Focuses on advanced external attack surface monitoring and threat monitoring. It scans the internet and dark web for leaked data associated with an organization, including exposed credentials, data leaks, or misconfigured cloud storage.

• Development Stage: Mature product with ongoing enhancements, including Threat Monitoring capability for faster threat prioritization.

• Target Market/Condition: Businesses aiming to identify and mitigate data breaches early to prevent reputational and legal fallout.

• Key Features and Benefits: Provides complete visibility into the attack surface and helps detect potential leaks early, allowing for quick mitigation.

• Vendor Risk:

• Description: An always-on third-party risk management solution that includes automated assessments and workflows to control supply chain security. It allows organizations to monitor the security of their vendors, track risk scores, and send security questionnaires.

• Development Stage: A category-leading product with continuous innovation. Recently enhanced with AI-powered Managed Vendor Assessments.

• Target Market/Condition: Companies managing dozens to hundreds of vendors, aiming for efficient and scalable vendor oversight.

• Key Features and Benefits: Automates risk scoring, monitoring, and questionnaires, identifies risks faster, conserves resources, and enables focus on remediation.

• User Risk:

• Description: Provides visibility into shadow IT and risky user behavior within an organization.

• Development Stage: Integrated into the broader CRPM platform.

• Target Market/Condition: Organizations looking to understand and mitigate internal human-related cyber risks.

• Key Features and Benefits: Offers situational awareness of employee risk posture with intelligent prompts and scoring.

• Trust Exchange:

• Description: A portal designed to streamline security questionnaire completion and accelerate sales by enabling teams to complete questionnaires up to 95% faster. It uses AI tools and collaboration features.

• Development Stage: Launched in November 2024 with AI-powered enhancements. Available for free to security teams.

• Target Market/Condition: Teams needing to efficiently share security postures and complete security assessments, facilitating sales processes.

• Key Features and Benefits: Removes friction from security assessments, saves time, doubles operational efficiency, and helps prove verifiable security standing.

4. Technology & Innovation

Technology Stack

UpGuard's platform is built around an integrated Cyber Risk Posture Management (CRPM) system.

• Core platforms and technologies: The platform combines security ratings, instant risk assessments, templated security questionnaires, and threat intelligence. It leverages an AI GRID (Global Risk Inference Domains) engine that integrates billions of signals with AI analysts and Agents to offer a live, comprehensive view of an organization's security posture.

• Proprietary developments:

• CSTAR (Cyber Security Threat Assessment Report): A proprietary score offering comprehensive and actionable cybersecurity preparedness insights, assessing the risk of breaches and unplanned outages due to misconfigurations and software vulnerabilities.

• AI-Powered Solutions: Includes Managed Vendor Assessments for faster risk identification and Trust Exchange for streamlined security questionnaire completion.

• Automated Scanning Enhancements: Features Detected Products, which automatically identifies over 23,000 technologies, and Exploit Prediction Scoring System (EPSS) capabilities for enhanced vulnerability scanning and predictive scoring.

• Scientific methodologies: UpGuard employs continuous monitoring, scanning millions of companies and billions of data points daily to identify security exposures. It also uses standards-based scoring (MITRE, NIST, Open FAIR™) in its competitive analysis.

• Technical capabilities: Provides real-time alerts about changes in the security postures of third and fourth-party vendors. It offers a two-tiered API strategy, including an open API based on RESTful principles and an outbound integration mechanism via webhooks, enabling seamless data exchange with other systems.

5. Leadership & Management

Executive Team

• Mike Baukes: Co-Founder & CEO. Mike leads the company's vision and growth. He previously co-founded ScriptRock, Inc., acting as Co-CEO. His cybersecurity research has been featured in publications like The New York Times and The Washington Post.

• Alan Sharp Paul: Co-Founder. Alan co-founded UpGuard and also previously served as Co-CEO.

• Daniel Bradbury: Chief Product Officer. Daniel has served as CPO since January 2017, bringing substantial experience in payments architecture and IT strategy from major financial institutions.

• Harsh Sureka: Chief Operating Officer. Harsh transitioned to COO in February 2021 (previously SVP of Operations), bringing extensive experience in operations and revenue, including from Ola. He optimizes internal processes and drives efficiency.

• Kevin Levine: Chief Financial Officer. Kevin assumed the CFO role in March 2024, with over 23 years of financial leadership expertise in scaling global technology enterprises. His tenure at Appen Limited supported revenue growth over sixfold.

• Jackie Ariston: Chief Revenue Officer. Jackie, previously Senior Vice President of Sales, was appointed CRO in March 2024, leading revenue generation efforts. She is known for driving revenue growth and strategic acumen.

• Spiro Spiroski: Chief Customer Officer. Spiros was appointed to the leadership team in 2020.

• Kaushik Sen: Chief Marketing Officer. Kaushik combines a strong technical foundation in software engineering with extensive marketing strategy experience. He was appointed to the leadership team in 2020.

• Phil Ross: Chief Information Security Officer. Phil joined as CISO in October 2021, leveraging decades of experience in information security and enterprise architecture.

• Mary Fifita: VP, Corporate Development. Mary joined in May 2024, leading strategic initiatives for growth and partnerships.

• Vincent Chuang: General Counsel. Vincent assumed the role of General Counsel in May 2024, contributing legal expertise for global expansion.

• Marcus Waterreus: VP, People.

Recent Leadership Changes

UpGuard has made several significant executive appointments in 2024 to support its new phase of growth and expansion. In March 2024, Harsh Sureka transitioned to Chief Operating Officer, Jackie Ariston was appointed Chief Revenue Officer, and Kevin Levine became Chief Financial Officer. Additionally, Mary Fifita joined as Vice President of Corporate Development and Vincent Chuang as General Counsel in May 2024. These changes bolster the executive team and enhance strategic initiatives.

6. Talent and Growth Indicators

Hiring Trends and Workforce

UpGuard had approximately 300 employees as of 2025, operating with a distributed team model across six continents. The company has a global presence with offices and teams in Mountain View (US HQ), Portland, Denver, Los Angeles, London, Amsterdam, Delhi (India HQ), Sydney (Regional office), Singapore, Ontario, San Diego, Chicago, Miami, Dublin, Belfast, Mumbai, Hobart (Regional office), Manila, Seattle, San Francisco, Baltimore, Austin, Cardiff, Bangalore, and Adelaide.

Company growth trajectory indicators

UpGuard has demonstrated strong growth, including a 179% increase in new customers and 128% growth in overall sales in 2020. The company is continuously recruiting for various roles to support its evolving cybersecurity platform and global expansion.

Employee sentiment and culture insights

UpGuard is recognized as a Great Place to Work® in Australia, India, the UK, and the USA in 2023. An impressive 99% of participating team members affirmed that UpGuard is a great place to work, significantly higher than the typical US-based company average. This reflects the company's strong dedication to its core values and supportive culture.

7. Social Media Presence and Engagement

Digital Footprint

UpGuard maintains an active presence on platforms such as X (formerly Twitter), Facebook, LinkedIn, and YouTube.

Brand messaging and positioning

The company's messaging focuses on protecting the world's data, empowering businesses to manage cybersecurity risk, and offering an integrated platform for a comprehensive view of risk posture. In September 2025, UpGuard refreshed its logo and branding to reflect the sophisticated, unified nature of its new CRPM platform, signaling its commitment to innovation.

Community engagement strategies

UpGuard engages its community through content marketing, including blogs, articles, webinars, and reports on cybersecurity topics, industry trends, and product updates. Their cybersecurity research has been featured in prominent publications, contributing to their thought leadership.

8. Recognition and Awards

Industry Recognition

• World Economic Forum Technology Pioneer: UpGuard was selected as one of the 100 most promising Technology Pioneers of 2021 by the World Economic Forum for its contributions to cybersecurity.

• G2 Market Leader: Consistently ranked as the #1 Third-Party & Supplier Risk Management Software by G2 for fourteen consecutive quarters (as of late 2025). It is also recognized as a market leader in TPRM, Vendor Security and Privacy Assessment, and IT Risk Management. As of the G2 Spring Report 2024, UpGuard has held its #1 position for seven consecutive quarters.

• Customer Satisfaction: Achieved exceptional customer satisfaction scores on G2, with a 95% rating for product direction and a 94% rating for ease of use. 98% of customers gave 4 or 5-star ratings.

• Great Place to Work® Certification: Certified as a Great Place to Work® in Australia, India, the UK, and the USA in 2023, with 99% of team members rating it highly. UpGuard was recognized as one of Australia's Best Workplaces in the Technology sector in 2024.

• Cybersecurity Excellence Awards: Recognized for its CSTAR (Cyber Security Threat Assessment Report), lauded as a comprehensive and actionable cybersecurity preparedness score for enterprises.

• Gartner® Market Guide: Named as a Representative Vendor in the 2022 Gartner Market Guide for IT Vendor Risk Management (IT VRM) Solutions across GRC/VRM and Risk Exchange or Marketplace categories.

9. Competitive Analysis

Major Competitors

UpGuard operates in a competitive cybersecurity market, particularly in third-party risk management and attack surface management.

• SecurityScorecard: Offers extensive data collection and continuous monitoring of cybersecurity posture. Users sometimes report inaccurate attribution or misflagged IPs.

• BitSight: A global leader in cyber risk intelligence, leveraging AI and external cybersecurity data for objective security ratings. It is recognized for malware and botnet reporting, though attribution challenges sometimes require support. Bitsight's VRM capabilities require a separately licensed module for assessments.

• Vanta: Focuses on automating security and compliance processes for frameworks like HIPAA, GDPR, SOC 2, and ISO 27001. Vanta is geared towards automating evidence collection and documentation.

• RiskRecon: Known for accurate asset attribution in first-party scanning and reliable risk data reports. However, its involvement in third and fourth-party risk management beyond scanning is limited, often relying on partner integrations for assessment workflows.

• Panorays: Offers external risk monitoring and third-party risk assessments, emphasizing an intuitive interface and often a free account option.

• Other Competitors: Include ComplyScore by Atlas Systems, Sprinto, AuditBoard, Venminder, CyberGRX (under ProcessUnity), Secureframe, Drata, Prevalent, Recorded Future, Zscaler, SafeBase, ThreatConnect, Mitratech Prevalent, ServiceNow Vendor Risk Management, Archer, and Tripwire.

UpGuard is strong in data leak detection and vendor risk assessment, offering an end-to-end workflow for the Third-Party Risk Management lifecycle. Some competitors,