Comparison Overview

Q: Between Kier Group company and VINCI company, which one has the best AI Cybersecurity Score ?

VINCI company demonstrates a stronger AI Cybersecurity Score compared to Kier Group company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between Kier Group company and VINCI company, which one has experienced more cyber incidents in the past ?

VINCI company has historically faced a number of disclosed cyber incidents, whereas Kier Group company has not reported any.

Q: Between Kier Group company and VINCI company, which one has experienced more cyber incidents this year ?

In the current year, VINCI company and Kier Group company have not reported any cyber incidents.

Q: Between Kier Group company and VINCI company, which one has experienced at least one ransomware attack ?

VINCI company has confirmed experiencing a ransomware attack, while Kier Group company has not reported such incidents publicly.

Q: Between Kier Group company and VINCI company, which one has experienced at least one data breach ?

Neither VINCI company nor Kier Group company has reported experiencing a data breach publicly.

Q: Between Kier Group company and VINCI company, which one has experienced at least one targeted cyberattack ?

Neither VINCI company nor Kier Group company has reported experiencing targeted cyberattacks publicly.

Q: Between Kier Group company and VINCI company, which one has experienced at least one vulnerability ?

Neither Kier Group company nor VINCI company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between Kier Group company and VINCI company, which one holds the most compliance certifications ?

Neither Kier Group nor VINCI holds any compliance certifications.

Q: Between Kier Group company and VINCI company, which one has the most subsidiaries ?

VINCI company has more subsidiaries worldwide compared to Kier Group company.

Kier Group

Cavendish Place, UK, England, GB

Last Update: 2025-12-01

View Profile

Between 750 and 799

http://www.kier.co.uk

Our purpose is to sustainably deliver infrastructure which is vital to the UK. As a leading provider of infrastructure services, construction and property developments, we are committed to delivering for communities and leaving lasting legacies through our work. We are committed to attracting, retaining and progressing talent within Kier, with a diverse, and resilient workforce that reflects the communities we serve. Follow the pages below to find out even more about what we do and the talented people we have within Kier and our supply chains who are helping us to meet our purpose. Kier Construction: https://www.linkedin.com/showcase/kier-construction Kier Transportation: https://www.linkedin.com/showcase/kier-transportation Kier Natural Resources, Nuclear & Networks: https://www.linkedin.com/showcase/kier-natural-resources-nuclear-networks Kier Property: https://www.linkedin.com/showcase/kier-property Kier Places: https://www.linkedin.com/showcase/kierplaces www.kier.co.uk

NAICS: 23

NAICS Definition: Construction

Employees: 10,656

Subsidiaries: 5

12-month incidents

0

Known data breaches

0

Attack type number

0

View Profile

VINCI

Last Update: 2025-12-01

Between 800 and 849

http://www.vinci.com

VINCI is a world leader in concessions, energy and construction, employing 280.000 people in some 120 countries. We design, finance, build and operate infrastructure and facilities that help improve daily life and mobility for all. Because we believe in all-round performance, above and beyond economic results, we are committed to operating in an environmentally and socially responsible manner. You can be part of projects that bring lasting change to urban ecosystems and entire regions. Join the team!

NAICS: 23

NAICS Definition: Construction

Employees: 13,465

Subsidiaries: 134

12-month incidents

0

Known data breaches

0

Attack type number

1

Kier Group

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

VINCI

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Construction Industry Average (This Year)

No incidents recorded for Kier Group in 2025.

Incidents vs Construction Industry Average (This Year)

No incidents recorded for VINCI in 2025.

Incident History — Kier Group (X = Date, Y = Severity)

Kier Group cyber incidents detection timeline including parent company and subsidiaries

Incident History — VINCI (X = Date, Y = Severity)

VINCI cyber incidents detection timeline including parent company and subsidiaries

Kier Group

Incidents

No Incident

VINCI

Incidents

Date Detected: 9/2023

Type:Ransomware

Attack Vector: phishing, exploiting vulnerabilities, supply chain compromises, third-party breaches, cookie hijacking

Motivation: financial gain, operational disruption, geopolitical influence, strategic hybrid warfare

Blog: Blog

VINCI company demonstrates a stronger AI Cybersecurity Score compared to Kier Group company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

VINCI company has historically faced a number of disclosed cyber incidents, whereas Kier Group company has not reported any.

In the current year, VINCI company and Kier Group company have not reported any cyber incidents.

VINCI company has confirmed experiencing a ransomware attack, while Kier Group company has not reported such incidents publicly.

Neither VINCI company nor Kier Group company has reported experiencing a data breach publicly.

Neither VINCI company nor Kier Group company has reported experiencing targeted cyberattacks publicly.

Neither Kier Group company nor VINCI company has reported experiencing or disclosing vulnerabilities publicly.

Neither Kier Group nor VINCI holds any compliance certifications.

Neither company holds any compliance certifications.

VINCI company has more subsidiaries worldwide compared to Kier Group company.

VINCI company employs more people globally than Kier Group company, reflecting its scale as a Construction.

Neither Kier Group nor VINCI holds SOC 2 Type 1 certification.

Neither Kier Group nor VINCI holds SOC 2 Type 2 certification.

Neither Kier Group nor VINCI holds ISO 27001 certification.

Neither Kier Group nor VINCI holds PCI DSS certification.

Neither Kier Group nor VINCI holds HIPAA certification.

Neither Kier Group nor VINCI holds GDPR certification.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

Published

Date

2025-12-02

Updated

Date

2025-12-02

Risk Information

cvss3

Base: 4.9

Severity: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

Description

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

Published

Date

2025-12-02

Updated

Date

2025-12-02

Risk Information

cvss3

Base: 6.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Description

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

Published

Date

2025-12-02

Updated

Date

2025-12-02

Risk Information

cvss3

Base: 6.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Description

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

Published

Date

2025-12-02

Updated

Date

2025-12-02

Risk Information

cvss3

Base: 7.3

Severity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

cvss4

Base: 8.4

Severity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

Published

Date

2025-12-02

Updated

Date

2025-12-02

Risk Information

cvss3

Base: 8.0

Severity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

cvss4

Base: 7.1

Severity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Kier Group

VS

VINCI

Kier Group

VINCI

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Construction Industry Average (This Year)

Incidents vs Construction Industry Average (This Year)

Incident History — Kier Group (X = Date, Y = Severity)

Incident History — VINCI (X = Date, Y = Severity)

Notable Incidents

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-65955

Risk Information

CVE-2025-65657

Risk Information

CVE-2025-65380

Risk Information

CVE-2025-64778

Risk Information

CVE-2025-64642

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Kier Group

VS

VINCI

Kier Group

VINCI

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Construction Industry Average (This Year)

Incidents vs Construction Industry Average (This Year)

Incident History — Kier Group (X = Date, Y = Severity)

Incident History — VINCI (X = Date, Y = Severity)

Notable Incidents

No Incident

🔒 Incident : Ransomware VIN0962109103025

FAQ

Between Kier Group company and VINCI company, which one has the best AI Cybersecurity Score ?

Between Kier Group company and VINCI company, which one has experienced more cyber incidents in the past ?

Between Kier Group company and VINCI company, which one has experienced more cyber incidents this year ?

Between Kier Group company and VINCI company, which one has experienced at least one ransomware attack ?

Between Kier Group company and VINCI company, which one has experienced at least one data breach ?

Between Kier Group company and VINCI company, which one has experienced at least one targeted cyberattack ?

Between Kier Group company and VINCI company, which one has experienced at least one vulnerability ?

Between Kier Group company and VINCI company, which one holds the most compliance certifications ?

Between Kier Group company and VINCI company, which one holds the fewest compliance certifications ?

Between Kier Group company and VINCI company, which one has the most subsidiaries ?

Between Kier Group company and VINCI company, which one has the largest number of employees ?

Between Kier Group and VINCI, which company holds both SOC 2 Type 1 certifications ?

Between Kier Group and VINCI, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — Kier Group or VINCI ?

Which company is PCI DSS compliant — Kier Group or VINCI ?

Between Kier Group and VINCI, which company complies with HIPAA regulations for healthcare data ?

Between Kier Group and VINCI, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-65955

Risk Information

CVE-2025-65657

Risk Information

CVE-2025-65380

Risk Information

CVE-2025-64778

Risk Information

CVE-2025-64642

Risk Information