Join our next Boost Your Cybersecurity IQ Skills Session: Top 5 Security Exposures Driving Claims.
Skip To Main Content
Cyber Incident? Get Help
Blog homeCyber InsuranceSecurityExecutive RisksBroker EducationLife at Coalition

Risky Tech Ranking: Q2 2025 Updates

Lucio Fernandez-Arjona
Lucio Fernandez-ArjonaSeptember 05, 2025
Share:
Risky Tech Ranking: Q2 2025 Updates

Coalition’s Risky Tech Ranking is an evolving list of technology providers whose products were vulnerable to exploitation by threat actors. The ranking uses publicly available data to help businesses make better-informed decisions about the technologies they adopt.

At Coalition, we frequently encounter technology products and services that do not adequately safeguard businesses, including those that may become or wish to become Coalition policyholders. Ensuring that only trustworthy technology providers handle an organization’s sensitive electronic information is not only vital for Coalition policyholders, but also serves the broader public interest by contributing to a safer digital environment across the entire technology ecosystem.

The Risky Tech Ranking is updated on a quarterly basis, scoring vendors by multiplying the number of vulnerabilities impacting a vendor’s products by the average Coalition Exploit Scoring System (Coalition ESS) score. Below, we’ll examine noteworthy changes in vendor rankings and overall inputs in Q2 2025.

How the Risky Tech Ranking evolved in Q2

The total number of vendors scored by Coalition in the Risky Tech Ranking increased by 14% in Q2 2025, growing from 7,140 in Q1 to 8,145 in Q2.

The total number of contributing vulnerabilities decreased by 0.1%, dropping from 42,753 in Q1 to 42,716 in Q2. This is the result of a shift in common vulnerabilities and exposures (CVE) reporting patterns over the last five quarters. The previously steady increase in reported CVEs quarter-over-quarter has been replaced by more volatile quarterly numbers, including a drop in Q3 2024 compared to Q2 2024, and another in Q2 2025 compared to Q1 2025.

Vimeo > Activate > Risky Tech Ranking > Tiago Henriques

Changes among the top 5 rankings

Adobe (1)

Adobe fell out of the top 5, dropping from #5 to #6 due to a 45% decrease in its average Coalition ESS score despite a 15% increase in the total number of contributing vulnerabilities

Apache (4)

Apache rose into the top 5, climbing from #8 to #4 due to a 16% increase in the total number of contributing vulnerabilities. 

Apple (1)

Apple jumped from #3 to #2 as a result of a 14% increase in the total number of contributing vulnerabilities. 

Google (3)

Google fell from #2 to #5 due to both a 17% decrease in the total number of contributing vulnerabilities and a 33% decrease in its average Coalition ESS score. 

Linux (1)

Linux jumped from #4 to #3 despite a 10% decrease in the total number of contributing vulnerabilities and a 14% decrease in its average Coalition ESS score, largely driven by more significant decreases among other vendors in the top 5 rankings.

New entries & exits from top 10

Significant movement among the top 30

How the Risky Tech Ranking works and why it’s important

Technology products are frequently released with serious security flaws, putting businesses at risk before they even have a chance to defend themselves. In 2024, cyber criminals exploited more than 3,000 new vulnerabilities per month to carry out ransomware campaigns, steal sensitive data, or establish long-term access to critical systems for future nefarious activity. Consequently, software vulnerabilities were a leading cause of ransomware attacks last year.

The Risky Tech Ranking is designed not only to serve as an educational tool for businesses when making purchasing decisions, but also to push vendors to make their popular technologies more secure.

Vulnerability management is difficult. Every update takes time, testing, and can risk breaking important systems. With thousands of new vulnerabilities reported every month, staying on top of it all is overwhelming, even for teams doing everything right. For small and midsize businesses (SMBs), this task is even harder. SMBs often rely on outside technology and trust that it's secure. But without clear information about vendor security practices, that trust can backfire.

The Risky Tech Ranking helps close that gap by giving businesses better insight into the risks tied to the products they use. Read more about why we built the ranking and the full methodology of how it works.

The Risky Tech Ranking is based on publicly available data and is intended for general, informational purposes only, and not as legal, professional, or consulting advice; use of the Risky Tech Ranking is solely at your own risk. The Risky Tech Ranking is a list of unaffiliated third-party technology providers ranked by a methodology based on Coalition’s Exploit Scoring System (Coalition ESS), which is powered by generative AI, machine learning, and an underlying algorithm that provides assessment of all publicly disclosed vulnerabilities and evaluates a technology vendor's risk based on the exploitability of reported vulnerabilities over a set time period. Coalition disclaims all warranties, express or implied. Risky Tech Ranking results may vary or fluctuate based on factors outside of Coalition's control. See Coalition’s Terms of Use and Privacy Policy for additional information.
This blog post is designed to provide general information on the topic presented and is not intended to construe or render legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites. 
Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. All other products and company names are the intellectual property of their respective brand owners.

Tags:

Cyber ThreatsData & InsightsVulnerabilities
Read next blog post

Related blog posts

See all articles
Coalition acknowledges Aboriginal and Torres Strait Islander peoples as the Traditional Custodians of the lands on which we live and work across Australia. We pay our respect to First Nations Elders past, present and emerging.
Logo > Allianz in white with transparent background
MSIG
What We Do

Active Cyber Insurance

Active Tech E&O Insurance

Active Monitoring

Incident Response

Broker Info

Resources

Help Centre

Glossary

Contact Us

Sitemap

Company

About

Careers

Legal

Licenses

Complaints Procedure

Privacy

Disclaimers

Logo > Coalition in white with transparent background

© 2025 Coalition, Inc.

Insurance cover is issued by Coalition Insurance Solutions Pty Ltd (“CIS AU”) (ABN 33 657 140 791, AFSL 539846) under a binding authority given by the insurers, Allianz Australia Insurance Limited (ABN 15 000 122 850, AFSL 234708) and Mitsui Sumitomo Insurance Company (ABN 49 000 525 637, AFSL 240816). This information is of a general nature only and does not take into account any person's particular circumstances. All descriptions of coverage are subject to the terms, conditions, and exclusions of the individual policy. Before making a decision (or advising your client), please refer to the relevant policy wording here or by contacting your broker. CIS AU may receive compensation from an insurer or other intermediary in connection with the sale of insurance cover. See licenses and disclaimers. Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.