Vendor Risk Management: Account Takeover (ATO) Score
Understand the Sendmarc Vendor Risk Management and ATO Risk column and scoring.
Sendmarc Vendor Risk Management Account Takeover (ATO) Scoring measures the extent to which a vendor's employees are exposed to credential theft and active device compromise.
This is then weighted by the recency of the threats detected. In short, ATO Scoring helps us determine how likely it is that one of a vendor's accounts could be taken over.
This is then weighted by the recency of the threats detected. In short, ATO Scoring helps us determine how likely it is that one of a vendor's accounts could be taken over.

The above image illustrates a High Risk ATO Score based on the Infection Footprint and Credential exposure, combined with the recency of the detected data.
How the Score is Calculated:
The score combines 3 Signals- Infection Footprint - This shows how many of the vendor's staff sign in from an active device compromise, i.e., infected machines or infostealer activity.
- Credential Exposure - This shows us how many of the vendor's staff have working email + password combinations exposed in breach data (phishing, credential dumps, combolists).
- Recency - recent threats count more. Showcases recent threats, counts anything seen in the last 30 days, counts in full; older signals taper the score down over time.
Core Rationale
Vendors are a common back door into any organisation. Surfacing ATO risk per vendor whilst making it filterable, lets Sendmarc and Abnormal shared customers spot their most exposed vendors at a glance and prioritise who to chase or mitigate first. This is especially important for authorized vendors businesses transact with frequently.
Need Help?
support@sendmarc.com is standing by to assist!