Comparison Overview

Q: Between HBL company and Maybank company, which one has the best AI Cybersecurity Score ?

Maybank company demonstrates a stronger AI Cybersecurity Score compared to HBL company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between HBL company and Maybank company, which one has experienced more cyber incidents in the past ?

HBL company has historically faced a number of disclosed cyber incidents, whereas Maybank company has not reported any.

Q: Between HBL company and Maybank company, which one has experienced more cyber incidents this year ?

In the current year, Maybank company and HBL company have not reported any cyber incidents.

Q: Between HBL company and Maybank company, which one has experienced at least one ransomware attack ?

Neither Maybank company nor HBL company has reported experiencing a ransomware attack publicly.

Q: Between HBL company and Maybank company, which one has experienced at least one data breach ?

HBL company has disclosed at least one data breach, while the other Maybank company has not reported such incidents publicly.

Q: Between HBL company and Maybank company, which one has experienced at least one targeted cyberattack ?

Neither Maybank company nor HBL company has reported experiencing targeted cyberattacks publicly.

Q: Between HBL company and Maybank company, which one has experienced at least one vulnerability ?

Neither HBL company nor Maybank company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between HBL company and Maybank company, which one holds the most compliance certifications ?

Neither HBL nor Maybank holds any compliance certifications.

Q: Between HBL company and Maybank company, which one has the most subsidiaries ?

Neither HBL company nor Maybank company has publicly disclosed detailed information about the number of their subsidiaries.

HBL

HBL Plaza, I I Chundigar Rd., Karachi, PK

Last Update: 2025-11-27

View Profile

Between 750 and 799

http://www.hbl.com

HBL, Pakistan’s leading Bank, was the first commercial Bank to be established in Pakistan in 1947. Over the years, HBL has grown its branch network and maintained its position as the largest private sector Bank in Pakistan with over 1,728+ branches and 2,300+ ATMs globally, serving 37million+ clients worldwide. HBL will never ask for customer's personal data on public platforms. Please avoid sharing such data via social media.

NAICS: 52211

NAICS Definition: Commercial Banking

Employees: 21,194

Subsidiaries: 0

12-month incidents

0

Known data breaches

1

Attack type number

1

View Profile

Maybank

100 Jalan Tun Perak, Kuala Lumpur, Wilayah Persekutuan, MY, 50050

Last Update: 2025-11-23

Between 800 and 849

http://www.maybank.com

Maybank Group is the leading financial services provider in Malaysia catering to the needs of consumers, investors, entrepreneurs, non-profit organisations and corporations. The Group, which has expanded internationally, has the largest network among Malaysian banks of over 2,400 branches and offices in 20 countries, employing over 44,000 Maybankers and serving over 22 million customers. It is the only regional bank with a presence in all 10 ASEAN countries (as of November 2016). By strengthening our core business and franchise, we gain competitive advantage by achieving synergies across our diverse group. Domestically we aim to achieve leadership across key and profitable segments. Internationally we capture value from new investments and continue to pursue organic expansion by delivering innovation and superior customer value. We are a top recruiter of talent and view our leadership pool and talent pipeline as key to realising our aspirations. We constantly seek to enhance performance management and achieve cost optimisation by focusing on effective IT operations and enhancing employee productivity. Maybank & Maybank Islamic are members of PIDM in Malaysia.

NAICS: 52211

NAICS Definition: Commercial Banking

Employees: 26,164

Subsidiaries: 0

12-month incidents

0

Known data breaches

0

Attack type number

0

https://images.rankiteo.com/companyimages/hblofficial.jpeg

HBL

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Maybank

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Banking Industry Average (This Year)

No incidents recorded for HBL in 2025.

Incidents vs Banking Industry Average (This Year)

No incidents recorded for Maybank in 2025.

Incident History — HBL (X = Date, Y = Severity)

HBL cyber incidents detection timeline including parent company and subsidiaries

Incident History — Maybank (X = Date, Y = Severity)

Maybank cyber incidents detection timeline including parent company and subsidiaries

HBL

Incidents

Date Detected: 12/2017

Type:Breach

Attack Vector: ATM Skimming

Motivation: Financial Gain

Blog: Blog

Maybank

Incidents

No Incident

Maybank company demonstrates a stronger AI Cybersecurity Score compared to HBL company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

HBL company has historically faced a number of disclosed cyber incidents, whereas Maybank company has not reported any.

In the current year, Maybank company and HBL company have not reported any cyber incidents.

Neither Maybank company nor HBL company has reported experiencing a ransomware attack publicly.

HBL company has disclosed at least one data breach, while the other Maybank company has not reported such incidents publicly.

Neither Maybank company nor HBL company has reported experiencing targeted cyberattacks publicly.

Neither HBL company nor Maybank company has reported experiencing or disclosing vulnerabilities publicly.

Neither HBL nor Maybank holds any compliance certifications.

Neither company holds any compliance certifications.

Neither HBL company nor Maybank company has publicly disclosed detailed information about the number of their subsidiaries.

Maybank company employs more people globally than HBL company, reflecting its scale as a Banking.

Neither HBL nor Maybank holds SOC 2 Type 1 certification.

Neither HBL nor Maybank holds SOC 2 Type 2 certification.

Neither HBL nor Maybank holds ISO 27001 certification.

Neither HBL nor Maybank holds PCI DSS certification.

Neither HBL nor Maybank holds HIPAA certification.

Neither HBL nor Maybank holds GDPR certification.

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 7.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 8.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 6.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss3

Base: 7.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss3

Base: 7.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

HBL

VS

Maybank

HBL

Maybank

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Banking Industry Average (This Year)

Incidents vs Banking Industry Average (This Year)

Incident History — HBL (X = Date, Y = Severity)

Incident History — Maybank (X = Date, Y = Severity)

Notable Incidents

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-66035

Risk Information

CVE-2025-66031

Risk Information

CVE-2025-66030

Risk Information

CVE-2025-64344

Risk Information

CVE-2025-64335

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

HBL

VS

Maybank

HBL

Maybank

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Banking Industry Average (This Year)

Incidents vs Banking Industry Average (This Year)

Incident History — HBL (X = Date, Y = Severity)

Incident History — Maybank (X = Date, Y = Severity)

Notable Incidents

🔒 Incident : Breach HBL33820323

No Incident

FAQ

Between HBL company and Maybank company, which one has the best AI Cybersecurity Score ?

Between HBL company and Maybank company, which one has experienced more cyber incidents in the past ?

Between HBL company and Maybank company, which one has experienced more cyber incidents this year ?

Between HBL company and Maybank company, which one has experienced at least one ransomware attack ?

Between HBL company and Maybank company, which one has experienced at least one data breach ?

Between HBL company and Maybank company, which one has experienced at least one targeted cyberattack ?

Between HBL company and Maybank company, which one has experienced at least one vulnerability ?

Between HBL company and Maybank company, which one holds the most compliance certifications ?

Between HBL company and Maybank company, which one holds the fewest compliance certifications ?

Between HBL company and Maybank company, which one has the most subsidiaries ?

Between HBL company and Maybank company, which one has the largest number of employees ?

Between HBL and Maybank, which company holds both SOC 2 Type 1 certifications ?

Between HBL and Maybank, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — HBL or Maybank ?

Which company is PCI DSS compliant — HBL or Maybank ?

Between HBL and Maybank, which company complies with HIPAA regulations for healthcare data ?

Between HBL and Maybank, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-66035

Risk Information

CVE-2025-66031

Risk Information

CVE-2025-66030

Risk Information

CVE-2025-64344

Risk Information

CVE-2025-64335

Risk Information