Comparison Overview

Exelon

VS

Duke Energy Corporation

Exelon

10 S. Dearborn, Chicago, IL, 60603, US
Last Update: 2025-12-09
View Profile
Between 800 and 849
http://www.exeloncorp.com

Exelon Corporation (Nasdaq: EXC) is the nation’s largest utility company, serving more than 10 million customers through six fully regulated utilities. We believe that reliable and affordable energy is essential to a brighter, more sustainable future. We are a FORTUNE 250 company operating across a large urban footprint, serving major metro areas in Delaware, the District of Columbia, Illinois, Maryland, New Jersey and Pennsylvania. Exelon is recognized as an industry leader with best-in-class operations, a firm commitment to maintaining energy affordability, a track record of top-quartile reliability performance, strong ESG leadership and principles, and a deep dedication to supporting and investing in the communities we serve.

NAICS: 22
NAICS Definition: Utilities
Employees: 18,586
Subsidiaries: 4
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Duke Energy Corporation

525 S Tryon St, Charlotte, North Carolina, 28202, US
Last Update: 2025-12-09
Between 750 and 799
http://www.duke-energy.com

Duke Energy, a Fortune 150 company headquartered in Charlotte, N.C., is one of America’s largest energy holding companies. The company’s electric utilities serve 8.4 million customers in North Carolina, South Carolina, Florida, Indiana, Ohio and Kentucky, and collectively own 54,800 megawatts of energy capacity. Its natural gas utilities serve 1.7 million customers in North Carolina, South Carolina, Tennessee, Ohio and Kentucky. Duke Energy is executing an ambitious clean energy transition, keeping reliability, affordability and accessibility at the forefront as the company works toward net-zero methane emissions from its natural gas business by 2030 and net-zero carbon emissions from electricity generation by 2050. The company is investing in major electric grid upgrades and cleaner generation, including expanded energy storage, renewables, natural gas and nuclear. Our team is available Monday to Friday from 8 a.m. to 5 p.m. EST. If you suspect an emergency, please call 911.

NAICS: 22
NAICS Definition: Utilities
Employees: 24,627
Subsidiaries: 1
12-month incidents
0
Known data breaches
1
Attack type number
3

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/exelon.jpeg
Exelon
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/duke-energy-corporation.jpeg
Duke Energy Corporation
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Exelon
100%
Compliance Rate
0/4 Standards Verified
Duke Energy Corporation
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Utilities Industry Average (This Year)

No incidents recorded for Exelon in 2025.

Incidents vs Utilities Industry Average (This Year)

No incidents recorded for Duke Energy Corporation in 2025.

Incident History — Exelon (X = Date, Y = Severity)

Exelon cyber incidents detection timeline including parent company and subsidiaries

Incident History — Duke Energy Corporation (X = Date, Y = Severity)

Duke Energy Corporation cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/exelon.jpeg
Exelon
Incidents

No Incident

https://images.rankiteo.com/companyimages/duke-energy-corporation.jpeg
Duke Energy Corporation
Incidents

Date Detected: 10/2024
Type:Breach
Motivation: National Security
Blog: Blog

Date Detected: 10/2024
Type:Cyber Attack
Motivation: Strategic dependencies and potential exploitation
Blog: Blog

Date Detected: 10/2024
Type:Vulnerability
Motivation: National Security Concerns
Blog: Blog

FAQ

Exelon company demonstrates a stronger AI Cybersecurity Score compared to Duke Energy Corporation company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Duke Energy Corporation company has historically faced a number of disclosed cyber incidents, whereas Exelon company has not reported any.

In the current year, Duke Energy Corporation company and Exelon company have not reported any cyber incidents.

Neither Duke Energy Corporation company nor Exelon company has reported experiencing a ransomware attack publicly.

Duke Energy Corporation company has disclosed at least one data breach, while Exelon company has not reported such incidents publicly.

Duke Energy Corporation company has reported targeted cyberattacks, while Exelon company has not reported such incidents publicly.

Duke Energy Corporation company has disclosed at least one vulnerability, while Exelon company has not reported such incidents publicly.

Neither Exelon nor Duke Energy Corporation holds any compliance certifications.

Neither company holds any compliance certifications.

Exelon company has more subsidiaries worldwide compared to Duke Energy Corporation company.

Duke Energy Corporation company employs more people globally than Exelon company, reflecting its scale as a Utilities.

Neither Exelon nor Duke Energy Corporation holds SOC 2 Type 1 certification.

Neither Exelon nor Duke Energy Corporation holds SOC 2 Type 2 certification.

Neither Exelon nor Duke Energy Corporation holds ISO 27001 certification.

Neither Exelon nor Duke Energy Corporation holds PCI DSS certification.

Neither Exelon nor Duke Energy Corporation holds HIPAA certification.

Neither Exelon nor Duke Energy Corporation holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.

Published
Date
2025-12-08
Updated
Date
2025-12-08
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
Description

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

Published
Date
2025-12-08
Updated
Date
2025-12-08
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
Description

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

Published
Date
2025-12-08
Updated
Date
2025-12-08
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
Description

Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.

Published
Date
2025-12-08
Updated
Date
2025-12-08
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
Description

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

Published
Date
2025-12-08
Updated
Date
2025-12-08
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References