Online Attack Surface Assessment

Understand what exploitable information exists about your organisation online, who might use it maliciously, and how. An Online Attack Surface Assessment gives you a clear, prioritised picture of your exposure to disinformation, reputational attack, and hostile influence operations - so you can prepare, rather than react.

The threat is not just what exists. It is what may be produced from it.

Hostile actors research organisations online the same way an intelligence analyst would. They look for exploitable information: data, statements, associations, relationships, and operational details that can be turned into a narrative, a smear, or a coordinated campaign. But they also fabricate. A skilled threat actor does not need a genuine vulnerability to attack — they can construct a plausible story from fragments, amplify it through coordinated networks, and make it stick before you have time to respond.

An Online Attack Surface Assessment maps all three dimensions of this risk: what exploitable information exists about your organisation, who the credible threat actors are and what motivates them, and how your exposure could realistically be used against you — whether through exploitation of real information or fabrication of false narratives.

What is exposed

The information, data, and digital presence across your organisation that is exploitable. Your people, your brand, your assets, your third parties, and the narratives that could be constructed or amplified about you.

Who presents the threat

The threat actors, persons of interest, and groups of interest relevant to your organisation. Their motivations, their capabilities, the methods they have used before, and whether they are likely to act.

How it could be used

The realistic attack scenarios: how your exposure could be exploited, for example, in a disinformation campaign, a coordinated reputational attack, or an influence operation.

What does an online attack surface assessment examine?

Every assessment is scoped with your stakeholders around your specific risk profile, sector, and the entities that matter to you. The following areas form the core of every engagement.

People and leadership. The online footprint of executives, board members, and key individuals. Past statements, associations, financial interests, personal information, leaked data, and what a hostile actor could construct from them, even if the raw material is incomplete.

Brand and reputation. How your organisation is perceived and discussed online, where perception diverges from reality, and where those gaps create opportunities for a hostile narrative to take hold. Includes monitoring for existing hostile content.

Assets and Operations. Operational details, infrastructure information, intellectual property indicators, and supply chain dependencies that are visible online. The kind of information that underpins a targeted operation or informs a fabricated narrative.

Third-Party Exposure. Your suppliers, partners, and portfolio companies have their own online exposure. Their vulnerabilities travel through your ecosystem and can become the entry point for an attack on your organisation.

Threat Actors. We identify the specific threat actors, persons of interest, and groups of interest relevant to your situation. Their motivations, their capabilities, the methods they favour, and any indicators of current or emerging intent.

Narrative Vulnerabilities. The stories that could be told about your organisation, whether grounded in real information or largely fabricated. We assess which narratives are plausible, how they could be constructed and amplified, and how damaging they would be if they gained traction.

Two ways to engage.

Most organisations start with a project assessment. Many move to ongoing monitoring once they see what it surfaces.

1. Single Assessment.

Fixed scope, fixed fee, three to five weeks. You receive the full written assessment, a live briefing, and a prioritised action roadmap. No ongoing commitment. Expedited delivery is available for urgent situations and active crisis support.

2. Continued Attack Surface Monitoring.

Fixed scope, fixed fee, three to five weeks. You receive the full written assessment, a live briefing, and a prioritised action roadmap. No ongoing commitment. Expedited delivery is available for urgent situations and active crisis support.

Questions about online attack surface assessments.

What is an online attack surface assessment?

An online attack surface assessment is an intelligence-led review of the information, data, narratives, and digital vulnerabilities across an organisation that could be exploited or fabricated by hostile actors in a disinformation campaign, reputational attack, or influence operation. It identifies what is exposed, who poses a credible threat, and how the exposure could realistically be used. It is distinct from a cybersecurity assessment, which focuses on technical vulnerabilities, and from reputation monitoring, which tracks what is already being said rather than what could be weaponised.

How is this different from reputation monitoring or a media audit?

Reputation monitoring and media audits tell you what people are saying about your organisation right now. An online attack surface assessment goes further: it identifies what exploitable information exists, who the credible threat actors are, and how your exposure could be used against you in a targeted operation — including through fabrication of narratives that may have no basis in fact. It is a proactive intelligence exercise, not a reactive listening tool.

We already have cyber security assessments. Do we need an online attack surface assessment as well?

Cyber assessments address technical vulnerabilities: unpatched systems, network exposure, misconfigurations. An online attack surface assessment addresses information and narrative vulnerabilities: the things used in disinformation campaigns, coordinated reputational attacks, and hostile influence operations. They are different threat surfaces requiring different expertise. Organisations exposed to information threats need both.

What kind of organisations need an online attack surface assessment?

Any organisation for which a hostile narrative, a disinformation campaign, or a coordinated reputational attack would be a serious problem. This includes organisations in regulated sectors, those with high-profile leadership, those entering contested markets, those involved in transactions or public-facing decisions, and those that have previously been targeted or have reason to believe they may be.

What if we are already being targeted by disinformation or an influence operation?

We can expedite the assessment to support an active situation, and our Counter-Disinformation Operations service provides real-time response alongside it. The assessment during a live event is valuable because it establishes the full picture of exposure — not just the part currently under attack — which strengthens both the immediate response and the longer-term defensive posture.

Can the assessment be conducted on an ongoing basis?

Yes. Continued Attack Surface Monitoring is the retained version of this service. Your online exposure is reassessed on a regular cycle, integrated with real-time monitoring and alerting, so your organisation always works from the current picture. New information, emerging threat actors, and changes in the digital environment are captured as they arise.

How long does an online attack surface assessment take?

A standard project takes three to five weeks from scoping to briefing, depending on scope. Expedited delivery is available for urgent situations. Retained clients receive ongoing assessments on a cycle agreed with their stakeholders.

The first step is a conversation.

Tell us about your organisation and your concerns. We will let you know whether an assessment is the right next step, and if so, we scope it together.

UK | Netherlands | France | UAE | US
