Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Merative

Merative Vendor Cyber Rating & Cyber Score

Merative.com
cbin
Add Your Compliance Badge
ISO 27001
SOC 2 Type 1
SOC 2 Type 2
PCI DSS
HIPAA
GDPR

Merative is a data, software and technology partner for the health and government social services industries, working with providers, health plans, employers, life sciences companies and governments. With trusted technology and human expertise, the company works with clients to drive real progress. Merative helps clients orient information and insights around the people they serve to improve decision-making and performance. Merative, formerly IBM Watson Health, became a new standalone company as part of Francisco Partners in 2022. Learn more at merative.com.


Merative A.I CyberSecurity Scoring

Incident Details
Merative
Company Information
Website:http://Merative.com
Employees number:1,565
Number of followers:70,917
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:Merative.com
Cyber Premium EstimationGet Supply Chain
Merative Risk Score (AI oriented)
Between 750 and 799
logo
MerativeIT Services and IT Consulting
Updated:
05/06/2026
759/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Merative Global Score (TPRM)
xxxx
logo
MerativeIT Services and IT Consulting
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Merative
MerativeFair
Current Score
759Baa (FAIR)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
759Before Incident
MAY 2026
759Before Incident
APRIL 2026
759Before Incident
MARCH 2026
759Before Incident
FEBRUARY 2026
759Before Incident
JANUARY 2026
759Before Incident
DECEMBER 2025
759Before Incident
NOVEMBER 2025
759Before Incident
OCTOBER 2025
759Before Incident
SEPTEMBER 2025
759Before Incident
AUGUST 2025
759Before Incident
JULY 2025
759Before Incident
JANUARY 2013
760Before Incident
Cyber Attack
01 Jan 2013Merative
IBM and Truven: Former cyber executive turned whistleblower accuses IBM of covering up several data breaches

Alleged Decade-Long Cover-Up of State-Sponsored Cyberattacks on IBM

743After Incident
CRITICAL-17
MERIBM1780698286
Former IBM Executive Alleges Decade-Long Cover-Up of State-Sponsored Cyberattacks A recently unsealed 2020 lawsuit filed by William Barlow, IBM’s former vice president of threat intelligence, accuses the company of concealing multiple cyber breaches including attacks by foreign governments over the past decade. Barlow, who left IBM in August 2019, claims the tech giant failed to disclose breaches of its core network and subsidiaries, despite evidence of extensive compromise. The lawsuit centers on a 2013–2016 campaign attributed to APT 10, a Chinese state-linked hacking group indicted by the U.S. in 2018. According to Barlow, intelligence officials from the Five Eyes alliance (U.S., U.K., Canada, Australia, and New Zealand) warned IBM of the breach in March 2017, prompting an internal investigation. The probe found that APT 10 potentially breached IBM’s network over 56,000 times, compromising 400 accounts and nearly 200 systems across 18 countries and multiple business units. However, IBM allegedly did not retain access logs, hindering further investigation. Barlow further alleges that IBM never notified government authorities or customers, including the U.S. federal government a major IBM client. The complaint describes IBM’s infrastructure as outdated and vulnerable, with hackers moving undetected across its systems. Additionally, Barlow claims breaches at two IBM subsidiaries: Trusteer (a cybersecurity firm acquired in 2013) in 2018 and Truven (a healthcare data company acquired in 2016), which was allegedly breached multiple times post-acquisition. IBM has denied wrongdoing, stating the lawsuit is six years old and that the U.S. Department of Justice declined to intervene. The company maintains it acted within the law. Barlow’s lawyer has indicated plans to aggressively litigate the case, framing the allegations as incompatible with IBM’s role as a federal cybersecurity vendor. The case highlights concerns over undisclosed breaches at major tech firms, even as stricter data breach notification laws have been enacted in recent years.
INCIDENT DETAILS -
TYPE
State-sponsored cyberattackData breach
MOTIVATION
EspionageData exfiltration
IMPACT
Data Compromised: YesSystems Affected: Nearly 200 systemsOperational Impact: Extensive compromise across multiple business unitsBrand Reputation Impact: Potential damage due to undisclosed breachesLegal Liabilities: Potential regulatory and legal actions
DATA BREACH
Sensitivity Of Data: Potentially high (healthcare data, federal client data)Data Exfiltration: SuspectedPersonally Identifiable Information: Potentially (healthcare data)
REFERENCES
Blog URLSource URL

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Merative ?
?
What was Merative's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Merative's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Merative's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Merative's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Merative's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Merative's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Merative's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Merative's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Merative's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Merative's A.I Rankiteo Cyber Score in August 2025 ?
?
What was Merative's A.I Rankiteo Cyber Score in July 2025 ?
?
What is the average per-incident point impact on Merative's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Merative ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Merative's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?