How UpGuard Introduces New Risks and Scoring Algorithm Changes

UpGuard’s Cyber Risk Score provides an accurate and evolving view of your organization’s external security posture.

As the threat landscape changes, we continuously enhance how risks are detected, categorized, and scored. This includes introducing new risk detections and occasionally updating the scoring algorithm itself.

Because both types of updates can influence your score, we manage every change with transparency, structure, and direct communication.

Understanding the Difference

It’s important to distinguish between new risks and scoring algorithm changes, as they affect customers in different ways.

New Risks introduce a new detection type - for example, identifying a new exposed service or configuration issue. These typically affect a subset of customers or vendors.
Scoring Algorithm Changes adjust how the Cyber Risk Score is calculated - such as changing risk weightings or improving how the model interprets findings. These affect all customers and vendors across the platform.

Both types of changes follow a structured rollout process designed to minimize disruption and provide time to respond.

Introducing New Risks

When we add new detections to the Cyber Risk platform, they often appear first as provisional risks.

A provisional risk is visible in your dashboard and carries the correct severity (for example, High or Critical), but it does not immediately affect your Cyber Risk Score.

This provisional period allows time to:

Review the new risk
Understand its relevance to your organization
Remediate affected systems before it influences your score

You’ll recognize provisional risks by their name - for example:

“Apache Airflow port open (Provisional)”

After the provisional period, the “(Provisional)” label is removed, and the risk begins contributing to your Cyber Risk Score.

Learn more about Provisional Risks.

Updating the Scoring Algorithm

From time to time, UpGuard updates its scoring algorithm to improve accuracy, fairness, and alignment with evolving cybersecurity best practices.

Because these changes affect all customers and vendors, they’re managed with extra care and visibility.

During a scoring algorithm update, we may:

Run the current and new scoring models in parallel for a defined period before switching over fully
Provide detailed explanations in release notes and email communications
Offer meetings or open office hours with Product Managers to answer questions
Share individualized remediation guidance for customers with significant score changes

These steps ensure every scoring change is predictable, transparent, and well-supported.

Communication and Customer Support

UpGuard communicates all scoring and risk-related updates through multiple channels so you’re never caught off guard:

Release Notes: Announcing new risks, provisional periods, and scoring algorithm changes.
Customer Success Manager (CSM) Outreach: Your CSM will reach out if a change affects your organization, explain the impact, and guide remediation efforts.
Email Notifications: For larger updates, we send detailed summaries and offer opportunities to meet with our Product team.

Reach out to your Customer Success Manager or the Support team via support@upguard.com or from within the platform.

Our Commitment to Transparency

Every change to the Cyber Risk platform - whether a new risk or a scoring algorithm update - goes through our internal scoring comittee for discussion and validation from multiple viewpoints, and to plan a structured rollout process.

We take these steps to ensure that:

Changes are accurate and fair
You have visibility and time to act
You can always reach someone for clarification or support