🔎 Major Findings Across Sectors
- Canva, the popular and innovative online design tool, achieved a score of 60%, which still ranks as a sub-par performance overall despite leading the SaaS and dev tools category.
- Major marketing brands had serious failings in their cybersecurity defences, leaving them wide open to content abuse, PII theft, account takeover and other threats to customer data.
- More serious failings included a lack of protection for logins and exposure to account takeover, which would give an attacker access to the account along with its PII and customer data.
- SaaS vendors are often subject to fake account creation, in which thousands of fake accounts are used to abuse the SaaS services or data, which are usually offered free on a trial basis.
⚠️ Threats & Weaknesses
- The weaker services mostly showed exposure to account takeover attacks, which could lead to a major breach and compromised accounts.
- On the worst-performing domains, automated bots were able to scan, map, and interact with authentication services without encountering rate limits, anomaly detection, or session validation controls. Infiltration rates reached up to 95% on some domains, confirming a near-total absence of active defensive interception.
- On many sites, no behavioural response to bot-generated input or repeated access attempts was detected. Although all sites had Web Application Firewalls (WAFs) deployed, our simulations were able to complete reconnaissance and interaction phases without challenge, highlighting the limitations of legacy, perimeter-centric defence strategies.
🔓 Unlocking Results
VerifiedThreat assessments highlight which organisations:
- ✅ Have robust, resilient defences
- ⚠️ Are at risk of automation and bot-based exploitation
- 🚨 Face critical vulnerabilities if left unchecked
💡 Why This Matters
Understanding sector dynamics allows businesses to:
- Benchmark against industry peers
- Prioritise investment in external defence
- Strengthen customer trust by closing exposure gaps



