Understand your risks, get ahead of threats.

Gain a 360° view of your security posture and protect against threats with Celcom Cyber Risk Rating. With actionable, data-driven ratings, you can strengthen the security ecosystem of your organisation and your vendors, mitigate cyber risks, eliminate vulnerabilities, and meet compliance standards across different industries. Sign up now to get a FREE 3-month summary report.

What is Cyber Risk Rating?

A Cyber Risk Rating service that offers a holistic, outside-in view of an organisation’s security performance. Cyber Risk Rating empowers you to take proactive measures and eliminate vulnerabilities, strengthening your organisation’s security posture.

cyber-risk-rating-storytelling-1
cyber-risk-rating-storytelling-2

How does it work?

Cyber Risk Rating consistently monitors and assesses your security ecosystem. It uses advanced analytics that rate your security posture across ten groups of risk factors, including Network, Endpoint and Application Security, DNS Health, Patching Cadence and more.

Why it makes business sense

USP Icons
Faster, smarter executive-level decisions

Get detailed, insightful and easy-to-read security and compliance reporting for easier decision-making among board members.

USP Icons
Stakeholder Confidence And Standardisation

Instil confidence and standardisation among management and board members with consistent monitoring and ratings.

USP Icons
Expert Support

One-on-one Q&A, cyber risk remediation support, security issues advisory and awareness training for management and employees.

Why it makes business sense

USP Icons

Faster, smarter executive-level decisions

Get detailed, insightful and easy-to-read security and compliance reporting for easier decision-making among board members.

USP Icons

Stakeholder Confidence And Standardisation

Instil confidence and standardisation among management and board members with consistent monitoring and ratings.

USP Icons

Expert Support

One-on-one Q&A, cyber risk remediation support, security issues advisory and awareness training for management and employees.

cyber-risk-rating-benefit-banner

Strengthen your security posture with a free trial!

Leave your details below and we will be in touch soon.
Celcom Business Enquiry Form
Leave your contact details with us today and we’ll get back to you as soon as possible! 
You may also get in touch with us via our hotline at 019-6011111.
 

Want to know more?

View our FAQ, T&Cs and Specific T&Cs below.

  1. What is Celcom Cyber Risk Rating?

    Cyber Risk Rating is an essential Security Rating standard with a granular view of your security ecosystem’s performance to identify assets exposed on the Internet, security threats and possible attack methods. Cyber Risk Rating:

    • dynamically collects positive and negative signals from the Internet (including the Dark Web) with sensors across applications, network, endpoint security and patching cadence
    • predicts risks using analytics from an advanced machine learning algorithm
    • finds attributes and continuously calculates security ratings based on your vulnerability level, issues and threat indicators.


    A good security rating improves corporate credibility among customers, partners and provides assurance to your organisation’s Board Of Directors via valuable insights and reporting. It is also able to identify third-party vendors’ risk portfolios and security rating and address their risk of cyber attacks.

    Celcom Cyber Risk Rating is powered by SecurityScorecard.


  2. How does Celcom Cyber Risk Rating work?

    Celcom Cyber Risk Rating uses a combination of data points collected organically or purchased from public and private sources and then applies proprietary algorithms to articulate an organisation's security effectiveness as a quantifiable score.


  3. What is Cyber Risk Rating’s scanning process?

    Cyber Risk Rating utilises multiple, non-intrusive security data collection methods that are publicly available. At a higher level, these fall into two technical categories:

    • Passive Surveying Capabilities

      Cyber Risk Rating utilises a network of hundreds of passive sensors that are distributed strategically across the Internet. These sensors introduce a wealth of security intelligence that is used to determine specific threat related findings. The sensors include honeypots and DNS sinkholes that enable Cyber Risk Rating to automate the identification of millions of malware infections that are active at any given time. These findings also allow our security engineers to capture important security findings, reverse engineer malware, identify the command and control domains the malware will register, and tune our network of DNS sinkholes to those domains. Combined, these capabilities provide unrivaled visibility into potential threats to the digital footprint of company represented monthly report.

    • Active Scanning Capabilities

      Cyber Risk Rating utilises multiple publicly sourced active scanning technologies. These scanning capabilities introduce a broad range of security intelligence that is used to assess the security ratings across multiple risk factor areas. Also, Cyber Risk Rating uses other scanning techniques including Google Dorking, Github Dorking, DNS records, SSL certificates, header grabs, and hacker community scanning to identify a wide range of attacks, misconfigurations, and exposed vulnerabilities.


  4. What does a security rating mean?

    Cyber Risk Rating security ratings are easy-to-understand ratings depicted on an A-F scale. They analyse the cyber health of an organisation across ten groups of risk factors. Cyber Risk Rating's statistically robust framework documents the fact that a company with an F-rating is 7.7 times more likely to suffer a consequential breach versus an A-rated company. Certain risk factors, such as application security and patching cadence, are even more indicative of the likelihood of a breach.

    cyber-risk-rating-faq

     


  5. What are the features of Celcom Cyber Risk Rating services?
    • Main Scope of Services
      • Daily Continuous Monitoring (Per Domain)
      • Alerts and notifications on elevated
      • Monitoring for 12 months
      • Free Trial for 3 months with 1 Summary Report
      • Add-On Plan for 3rd Parties (competitors, vendors, partners, suppliers) Cyber Risk Rating monitoring
    • Scheduled Risk Rating Reports
      • Monthly Cyber Risk Rating Summary Report
      • Monthly & Quarterly Cyber Risk Rating Issue(s) Report
      • Monthly Risk Rating Detailed Report
      • On-Demand based Cyber Risk Rating Detailed Report (max 6 times per annum)
    • Advanced Value-Added Services
      • Management or User Cyber Security Awareness Training (4 times per annum)
      • Cyber Risk History Insight (1 time)
      • Cyber Risk Remediation Advisory
      • Unlimited 1-1 Cyber Security Expert Support Q&A
      • Annually Automated External Vulnerability Assessment (Black Box of up to 3 IPs annually)

  6. What are the benefits of Celcom Cyber Risk Rating for customers?

    Cyber Risk Rating enables businesses to continuously monitor and assess their cybersecurity posture and strength of their cyber-defence to protect online assets from hackers.

    An organisation with a good security rating provides assurance and confidence to their customers and ecosystem partners. Poor security ratings indicate that an organisation's data is at risk by highlighting critical gaps in security.

    Just as credit ratings provide insights into organisational financial stability, cybersecurity ratings provide insight into the cybersecurity health and practices of an organisation.

    The benefits for organisations are:
    • Continuous Monitoring. Continuous “outside-in” risk rating and monitoring of the organisation cyber security postures
    • Visibility into Vendor Risk. Advanced analytics to give security teams visibility into areas of risk in the vendor ecosystem and risk portfolios
    • Executive-Level Reporting. Comprehensive Cyber Risk Rating reporting and visibility of the risk posture and ratings to the Board of the Directors.
    • Instill Confidence in Your Prospects and Customers. Continuous monitoring and a good security rating will improve your reputation and increase the confidence of customers and business partners globally.
    • Return on Security Investments. Reports show historical performance and continuous improvement, demonstrate the returns in security investment, and help your organization benchmark cybersecurity performance against industry peers and competitors.

  7. How does Cyber Risk Rating help you reduce your risk?

    Cyber Risk Rating helps you assess your own cyber security posture and that of your business partners and other companies of interest. Your organisation can quickly assess the external security posture of organisations of interest across 10 key risk factors from monthly reports,. You can learn of specific issues uncovered by Cyber Risk Rating that impact your security posture and that of companies in your ecosystem.


  8. Can the public access my organisation’s Cyber Risk Rating on the Internet?
    • The public cannot view the Cyber Risk Rating via the Internet, but organisations rated A can publicly disclose their ratings on the SecurityScorecard website.

    • Organisations are encouraged to publish the “scores” on the their own organisation webpage to improve customer confidence of the organisation’s security level.


  9. How can I improve or upgrade my organisation’s score?

    Customers can contact Celcom for consulting services to improve and resolve security vulnerabilities in order to improve their rating.


  10. How do I start using this service?

    Customers will receive a welcome email for confirmation upon account activation, followed by monthly and quarterly reports.


  11. Is Celcom Cyber Risk Rating available for trial?

    Celcom Cyber Risk Rating offers a 3-month trial. Customers can opt to terminate their subscription within the 3-month period. Customers may contact Celcom Customer Service, Account Manager or Channel Partner for termination of Trial service. If no termination request is received, it is considered the Customer agrees to proceed on an annual subscription basis and will be billed with an annual charge after the end of the trial period.


  12. Is there a minimum number of user licence subscriptions required?

    No, the service is charged based on the number of fully qualified domain names or website domains. The minimum is one domain. Customers may subscribe for additional domain names with “Add-On Domain Plan”.


  13. Can I subscribe if have more than 1 domain?

    Yes, you can subscribe to “Add-on Domain Plan” anytime.


  14. How long does it take to activate the services?

    Service activation requires a maximum of 5 working days.


  15. Is there any upfront payment required for this service?

    It is an annual charge in advance for the annual subscription.


  16. Is there any software installation required prior to using this service?

    No software installation is required.


  17. How do I reset my password?

    This service will only issue reports, no password is required.


  18. When do I have to make payment?

    Subscription to this service will be charged annually at the beginning of the subscription period.


  19. How do I terminate the service?

    Customers may contact Celcom Account Manager / SMB Dealers for subscription termination.

  1. Celcom Cyber Risk Rating solutions consist of main and add-on modules offered on a subscription basis to meet the needs and requirements of a business.

  2. Customers who subscribe to the services shall enjoy the scope of service offered under the Package as stated in the Service Agreement Form (hereinafter referred to as “SAF”).

  3. Celcom reserves the right to change the prices at any time during the contract tenure.

  4. Contract tenures for all packages will be for a period of 12 months. 

  5. Invoices are issued annually.

  6. The prices for Celcom Cyber Risk Rating solutions are based on the modular subscription and the scope of services stated in the SAF.

  7. The Package Value (hereinafter referred to as “PV”) shall be charged based on a full year. 

  8. In the event of early termination, there is no refund if the payment has been made and the Customer shall be subjected to a Termination Fee based on the remaining months of the contract tenure. 

  9. The minimum subscription period for Celcom Cyber Risk Rating solutions is 12 months from the date of activation of the service of the Package (herein defined as “Period of Agreement”). Celcom shall impose an early termination fee for the remaining months out of the Period of Agreement (herein defined as “Termination Fee”). 

  10. Should there be any payment default, the service will be suspended by Celcom and reconnection will happen only after all outstanding payments are cleared. Subscription of the package shall be fully terminated upon failure to settle the outstanding payment(s) after 3 months.

  11. The prices will be subject to a 6% Sales & Service Tax (SST) subscribed by the Customer.

  12. Either Party may at any time terminate the subscription to Celcom Cyber Risk Rating solutions by giving the other Party 30 days prior written notice. Celcom shall not be liable for any compensation and damages towards the Customer in the event Celcom exercises its right to terminate for convenience. However, termination by the Customer prior to the expiry of the Period of Agreement will always be subjected to a Termination Fee as prescribed herein.

  13. The Customer agrees that Celcom’s entire liability in contract, tort (including negligence or breach of statutory duty) or otherwise to the Customer (except for death or personal injury caused by Celcom’s negligence) under this Agreement shall not at any time exceed the sum specified in the SAF (“Limit of Liability”).

  14. Celcom will not be responsible or liable for any claims by the Customer or any third party arising from the act, omission or negligence by the Customer or by the Service Provider.

The Celcom Cyber Risk Rating Solution (“Service”) is made available by Celcom to the Customers subject to these specific terms and conditions for the Service (“Specific Terms and Conditions for Cyber Risk Rating” or “STC for CRR”) which shall always be read together with the General Terms and Conditions for Enterprise Services (“GTC”) published on Celcom’s Website (at https://www.celcom.com.my/legal/terms-and-conditions/business) as of the Effective Date (as defined herein). Nothing in this STC for CRR shall be construed as limiting any other rights Celcom may have under the Agreement unless specifically stated otherwise. The Agreement shall come into effect on the date of execution of the SAF by the Customer (“Effective Date”) and shall continue to be in force until terminated or expires in accordance with the Terms and Conditions (“Term”).

  1. Definitions

    In this STC for CRR, unless the context otherwise requires, the capitalized terms have the meanings assigned to them below and in the GTC

    “Contract Period” means the contract period applicable for each subscription activated by Celcom as specified in the SAF which shall commence from the Service Start Date of the subscription;

    End Users” means (a) the legitimate and authorized employees of Customer OR any third party Customer allows to use the Service; (c) who receives the subscription as the result of the use of the Services and (c) who uses or relies on the Service;

    Billing Account” means an account created by Celcom, for billing purposes, under the Customer’s name for the Service;

    Service Start Date/ Effective Date” means the date on which Celcom activates the subscription for Customer’s use subject to Customer’s compliance with any precondition in accordance with the respective terms and conditions of the Service (if any);

    Termination Fee” means the termination fee payable by Customer to Celcom in the event any subscription is terminated within its respective Contract Period;

    Service” means the services that Celcom has agreed to provide to Customer for the purposes of internal use by Customer as set forth in the SAF and as further detailed in the service proposal and all other relevant documentation (including the deployment sign-off).

  2. Period of Agreement
     
    1. The Service Start Date shall be no later than five (5) Working Days upon received completion of information. Celcom will notify the Customer in writing (via SMS or email) upon Activation of the Service.
    2. The Customer’s subscription to the Service is subject to the Contract Period as specified in the Package details under the SAF.
    3. Upon expiry of the Contract Period and provided that the Customer is not in breach of any terms of the Terms and Conditions, subscription to the Service may be automatically renewed on year to year basis for a period of twelve (12) months with the same Terms and Conditions.
       
  3. Provision of Service
     
    1. The Service is a Cyber security solution provided by Celcom and powered by a third party, SecurityScorecard (“Service Provider”).
    2. This Service is made available for subscription which provide threat monitoring on the life cycle of the digital risk threatening the digital assets and brand, threat alerts and notification of such occurrence.
    3. Customer may refer to Celcom’s designated account manager duly authorised by Celcom, channel managers or dealers for more information regarding the Service and to subscribe to the Service.
    4. Celcom will provide the Service to the Customer in accordance with the Package which particulars are set out in the SAF. Provision of Service is further subject to the commercial terms of the Package subscribed to by the Customer.
    5. Celcom reserves the right not to accept or proceed with the Customer’s application for the Service by issuing the Customer a notice if: (a) the Customer’s SAF is not duly completed and signed; or (b) the Customer fails to provide Celcom with the information requested by Celcom.
    6. An authorization letter issued on behalf of the Customer to request for additional Service issued and signed by the Authorized Signatory or other Customer’s authorized personnel shall be deemed to be given by the Customer.
    7. Customer is required to assign dedicated person in charge and team for escalation related to monthly or quarterly report sharing, billing, operation and maintenance support.
       
  4. Fees, Charges and Payment
     
    1. There is no upfront payment or activation fee required upon registration unless otherwise specified in SAF.
    2. The Customer will be invoiced for the Service from the Service Start Date in the billing frequency as per stated in the SAF ("Billing Frequency").
    3. The Customer shall pay for the subscription on an annual basis (“Annual Service Fees”) for each package subscribed by the Customer as specified in SAF. In addition to the Annual Service Fees, Customer shall also be responsible to pay the Applicable Taxes imposed by applicable laws for the Service.
    4. The Annual Service Fees shall be paid by the Customer to Celcom within thirty (30) days from the date of Invoice from Celcom.
    5. Celcom will impose 1.5% late payment charges for the payment after 30 days from the billing date.
       
  5. Restrictions on Use of Service
     
    1. Customer may not rent, lease, license, transfer, loan or assign the rights to use the Service to any third party. Celcom holds no responsibility or liability for use of the Service by any unauthorized user in the event the Customer allows any third party to use the Service.
    2. The Customer will not have any right, title or interest in the Service apart from the right to use the Service in accordance with the Terms and Conditions.
    3. Customer shall not use the Service:
      1. as a means to monitor the activities of other person without their express consent and authorization or use the Service to harvest personal information about others for any reason;
      2. in a way that is unlawful, invasive of another’s privacy, or inappropriate, or damage Celcom’s reputation or that of a third party;
      3. to victimize, harass, degrade, threaten or intimidate an individual or group of individuals for any reason;
      4. in way that allows Customer to circumvent or disable features or technology used in the Service unless Celcom specifically allow Customer to;
      5. to engage in any activity, outside of what is permitted by the Service, that otherwise interferes with the use and enjoyment of the Service by others; or
      6. to violate Celcom’s or any other persons or entities rights (including intellectual property and other proprietary rights).
         
  6. Celcom’s Rights
     
    1. Without limiting the other rights Celcom may have under the Agreement Celcom hereby reserves the rights to provide any information in relation to the Service and use of the Service by the Customer including but not limited to the web browsing history to the law enforcing agencies as and when required and/or requested by any lawful, regulatory, governmental or statutory authority.
       
  7. Limitation of Liability
     
    1. Pursuant to the nature of the Service which is provided by a third party, and not in derogation of the Terms and Conditions, Celcom excludes any liability and responsibility related to the Service.
    2. Customer agrees that Celcom’s entire liability in contract, tort (including negligence or breach or statutory duty) or otherwise to the Customer (except for death or personal injury caused by Celcom’s negligence) under this Agreement shall not at any time exceed the sum specified in the SAF (“Limit of Liability”).
    3. The Limit of Liability shall not apply to the extent that the liability may not be limited or excluded under applicable laws. Nothing in the Agreement will limit or exclude the Customer’s liability in relation to: (a) damage to Celcom’s property, if any, by the Customer and all costs incurred thereto; (b) Customer’s fraud, fraudulent misrepresentation, gross negligence, violation of applicable laws, or willful default; (c) Customer’s breach of its obligations pertaining to Celcom’s cyber security requirements, personal data protection or confidentiality; (d) Customer’s indemnity obligations; and (e) Customer’s payment obligations.
       
  8. Disclaimer of Liability against the Customer
     
    1. The Service does not protect the Customer:
      1. if arising from Customer’s use of the Services including relating to any inaccuracies, inconsistencies, unreliability or errors in the Service, including any output, data or results generated by the Service;
      2. if arising from any acts or omissions (whether negligent or otherwise) by Service Provider in connection with the Service;
      3. if due to loss or corruption of data caused by the Service, including any misuse of the Service by Customer or Third Party User or any use which is not in accordance with this Agreement;
      4. if caused by Customer’s or Third Party User’s use of a release or version of the Service that is no longer supported by Service Provider or provided hereunder;
      5. if caused by any equipment, software or services not provided by Service Provider, or their combination with or application to the Service or act or omission of Customer or any third party (including Third Party User) when using data enabled apps including those with a proprietary form of encryption;
    2. Celcom will not be responsible or liable for any claims by the Customers or any third party arising from the act, omission or negligence by the Customer or by the Service Provider.
    3. The Limit of Liability shall not apply to the extent that the liability may not be limited or excluded under applicable laws. Nothing in the Agreement will limit or exclude the Customer’s liability in relation to: (a) damage to Celcom’s property, if any, by the Customer and all costs incurred thereto; (b) Customer’s fraud, fraudulent misrepresentation, gross negligence, violation of applicable laws, or willful default; (c) Customer’s breach of its obligations pertaining to Celcom’s cyber security requirements, personal data protection or confidentiality; (d) Customer’s indemnity obligations; and (e) Customer’s payment obligations.
       
  9. Suspension
     
    1. Without limiting other rights Celcom may have under this Agreement, Celcom may suspend immediately, in whole or in part, with or without notice, the Service if:
      1. the Customer does not comply with any instruction or directive issued by Celcom from time to time in compliance with the relevant laws; or
      2. the Customer or any of its agents, officer, directors or employees has committed any act of fraud, misrepresentation, negligence or dishonesty (including the provision of any false or misleading information or the making of any misrepresentation to Celcom or the Subscribers in connection with the Service); and/or
      3. the Customer or any of its agents, officers, directors, or employees has committed any act or omission which may adversely affects the Celcom.
    2. The Service will be suspended in the event the subscription services subscribed by the Customer is suspended in accordance with the Terms and Conditions. No Reconnection Fee is applicable for the Service in the event of reconnection of the subscription services subsequent to the suspension.
       
  10. Termination
    1. Either Party shall be entitled to terminate this Agreement by giving ninety (90) days prior written notice to the other Party without assigning any reason whatsoever. Celcom shall not be liable for any compensation and damages towards the Customer in the event Celcom exercises its right to terminate for convenience in accordance with the Terms and Conditions.
    2. Upon termination of this Agreement:
      1. the Customer’s access to the Service shall immediately cease;
      2. the Customer shall be responsible to settle all outstanding amount due to Celcom in relation to the Agreement incurred up to the date of such termination.
         
  11. Warranty
     
    1. The availability of the Service is subject to the use and availability of Celcom network connection.
    2. As far as Celcom is able to under the law Celcom excludes all representations, warranties, conditions and other terms not expressly stated in these terms, including any implied warranties or conditions as to non-infringement of third party rights and fitness for a particular purpose in relation to the Customer’s use of the Service.
    3. Celcom does not warrant that the Customer’s use of the Service will be error-free, uninterrupted, available at all times, or that it will protect against all possible security threats.
       
  12. Maintenance Support and Problem Reporting
     
    1. For any complaints or queries, Customer may contact the dedicated customer service email at cybersecuritysupport@celcom.com.my
       
  13. Anti-Bribery And Anti-Corruption
    1. The Customer shall comply with Celcom’s Anti-Bribery and Anti-Corruption (“ABAC”) Policy and ABC Terms and Conditions (“ABAC T&C”) as published on Celcom’s website at https://www.celcom.com.my/about-celcom/governance or other uniform resource locator (“URL”) as communicated by Celcom from time to time. Reference to ‘Counterparty’ in the ABAC T&C shall refer to the Customer In the event of any inconsistency between the provisions of the ABAC T&C and the provisions of this Agreement, the former shall prevail to the extent of such inconsistency.