Comparison Overview

Lakesmere Group

VS

COLAS

Lakesmere Group

The Ring Tower Centre, Winnall, WInchester, SO23 7RZ, GB
Last Update: 2025-03-10 (UTC)
Between 900 and 1000
http://www.Lakesmere.com

Excellent

The Lakesmere Group comprises Lakesmere Limited (UK), McMullen Facades Ltd, Lakesmere Arabia LLC, Lakesmere Oman LLC, Lakesmere Middle East LLC (Dubai and Abu Dhabi) and Lakesmere Hong Kong. Providing the complete solution for the external building envelope, Lakesmere Group Limited has over 25 yearsโ€™ experience of working with architects, specifiers, main contractors and suppliers in virtually every type of new build and refurbishment project. In 2012, The UKโ€™s leading glass facades specialist McMullen became part of the Lakesmere Group providing expertise in unitised curtain walling and glass facades solutions. The Lakesmere Group currently has circa 900 employees worldwide. Group Turnover to year ending January 2016 grew to ยฃ118.5m and will be in excess of ยฃ120m in 2017. Lakesmere has built an enviable reputation in the construction industry to become the UKโ€™s leading roofing, cladding and building envelope specialist contractor and manufacturer, with expertise in 3D/4D CAD design, BIM, project management and installation. Major clients include BAM Construction, Balfour Beatty, Carillion, Canary Wharf Contractors, Costain, Kier, Laing Oโ€™Rourke, Lendlease, Sir Robert McAlpine, Vinci and Wates. Lakesmereโ€™s impressive project portfolio includes many high profile and iconic buildings such as the award-winning London Aquatics Centre, the new Heathrow Terminal 2 building, the National Graphene Institute, Canary Wharf Crossrail Station and The King Abdulaziz International Airport as well as numerous schools, hospitals, retail and leisure developments and commercial buildings. The companyโ€™s expertise and the skills of its workforce has led to numerous awards for excellence, including winning a Queenโ€™s Award for Enterprise in 2015. The company places a strong emphasis on training, people development and business improvement and is ISO 14001 accredited.

NAICS: 23
NAICS Definition:
Employees: 104
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

COLAS

Last Update: 2025-05-06 (UTC)

Excellent

Between 900 and 1000
https://allinks.click/colas

The Colas Group is a global leader in the construction and maintenance of transport infrastructure. Our mission is to design, build and maintain sustainable transport infrastructure from our local roots, around the world ๐ŸŒ Our three main activities are roads (our core business), materials and railways. Colas in numbersโ€ฆ ๐Ÿ“ 50 countries across 5 continents ๐Ÿ‘ทโ€โ™€๏ธ๐Ÿ‘ทโ€โ™‚๏ธ about 58,000 employees ๐Ÿšง 60,000 projects โ™ป 3,000 materials production and recycling units ๐Ÿš€ 15.5 billion euros in revenue in 2022 Colasโ€™ eight CSR commitments have been formalized in the ACT corporate project (Act and Commit Together), to respond to the expectations of its customers, employees, partners, users, investors and, more generally speaking, civil society as a whole. At Colas, we believe that itโ€™s our people that drive our company forward. We strive to develop talent, and we give those who join the company the opportunity to reach their full potential throughout their careers. Because, when you join Colas, we hope youโ€™ll make a career here.

NAICS: 23
NAICS Definition: Construction
Employees: 18,264
Subsidiaries: 119
12-month incidents
0
Known data breaches
1
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/lakesmere-building-envelope-specialists.jpeg
Lakesmere Group
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/colas.jpeg
COLAS
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Lakesmere Group
100%
Compliance Rate
0/4 Standards Verified
COLAS
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Construction Industry Average (This Year)

No incidents recorded for Lakesmere Group in 2025.

Incidents vs Construction Industry Average (This Year)

No incidents recorded for COLAS in 2025.

Incident History โ€” Lakesmere Group (X = Date, Y = Severity)

Lakesmere Group cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” COLAS (X = Date, Y = Severity)

COLAS cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/lakesmere-building-envelope-specialists.jpeg
Lakesmere Group
Incidents

No Incident

https://images.rankiteo.com/companyimages/colas.jpeg
COLAS
Incidents

Date Detected: 8/2025
Type:Cyber Attack
Blog: Blog

Date Detected: 8/2025
Type:Breach
Blog: Blog

FAQ

Both Lakesmere Group company and COLAS company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

COLAS company has historically faced a number of disclosed cyber incidents, whereas Lakesmere Group company has not reported any.

In the current year, COLAS company has reported more cyber incidents than Lakesmere Group company.

Neither COLAS company nor Lakesmere Group company has reported experiencing a ransomware attack publicly.

COLAS company has disclosed at least one data breach, while Lakesmere Group company has not reported such incidents publicly.

COLAS company has reported targeted cyberattacks, while Lakesmere Group company has not reported such incidents publicly.

Neither Lakesmere Group company nor COLAS company has reported experiencing or disclosing vulnerabilities publicly.

COLAS company has more subsidiaries worldwide compared to Lakesmere Group company.

COLAS company employs more people globally than Lakesmere Group company, reflecting its scale as a Construction.

Latest Global CVEs (Not Company-Specific)

Description

Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the tokenโ€™s signature, expiration, issuer, or audience. If an attacker learns the victimโ€™s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victimโ€™s password. This issue has been patched in version 4.0.1.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
References
Description

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victimโ€™s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victimโ€™s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
References
Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".

Published
Date
2025-09-26
Updated
Date
2025-09-26
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References