Comparison Overview

SM Investments

VS

Deutsche Bank

SM Investments

Harbor Drive, Mall of Asia Complex 10th Floor Pasay City, Metro Manila 1900, PH
Last Update: 2025-11-25
View Profile
Between 750 and 799
http://www.sminvestments.com

SM Investments Corporation is a leading Philippine company that is invested in market-leading businesses in retail, banking, and property. It also invests in ventures that capture high growth opportunities in the emerging Philippine economy. SM’s retail operations are the country’s largest and most diversified with its food, non-food, and specialty retail stores. SM’s property arm, SM Prime Holdings, Inc., is the largest integrated property developer in the Philippines with interests in malls, residences, offices, hotels, and convention centers as well as tourism-related property developments. SM’s interests in banking are in BDO Unibank, Inc., the country’s largest bank, and China Banking Corporation, the fourth largest bank by total assets among private banks. SM’s retail operations are the country’s largest and most diversified with its food, non-food and specialty retail stores. SM’s property arm, SM Prime Holdings, Inc., is the largest integrated property developer in the Philippines with interests in malls, residences, offices, hotels and convention centers as well as tourism-related property developments. SM’s interests in banking are in BDO Unibank, Inc., the country’s largest bank and China Banking Corporation, the 6th largest bank.

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 10,001
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Deutsche Bank

Taunusanlage 12, Frankfurt am Main, Hessen, 60325, DE
Last Update: 2025-11-26
Between 700 and 749
https://www.db.com

Deutsche Bank is the leading German bank with strong European roots and a global network. The bank focuses on its strengths in a Corporate Bank newly created in 2019, a leading Private Bank, a focused investment bank and in asset management. We provide financial services to companies, governments, institutional investors, small and medium-sized businesses and private individuals. Deutsche Bank was founded in 1870 to accompany German businesses into the world, and has worked across borders ever since. Useful links: Jobs https://www.db.com/careers. Netiquette at https://www.db.com/netiquette. Data protection policy https://www.db.com/DataProtection. Imprint https://www.db.com/imprint.

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 74,237
Subsidiaries: 7
12-month incidents
0
Known data breaches
2
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/sm-investments-corporation.jpeg
SM Investments
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/deutsche-bank.jpeg
Deutsche Bank
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
SM Investments
100%
Compliance Rate
0/4 Standards Verified
Deutsche Bank
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for SM Investments in 2025.

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Deutsche Bank in 2025.

Incident History — SM Investments (X = Date, Y = Severity)

SM Investments cyber incidents detection timeline including parent company and subsidiaries

Incident History — Deutsche Bank (X = Date, Y = Severity)

Deutsche Bank cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/sm-investments-corporation.jpeg
SM Investments
Incidents

No Incident

https://images.rankiteo.com/companyimages/deutsche-bank.jpeg
Deutsche Bank
Incidents

Date Detected: 07/2023
Type:Data Leak
Attack Vector: Exploitation of Software Vulnerability
Blog: Blog

Date Detected: 6/2023
Type:Breach
Attack Vector: Physical Access, Logical Access
Blog: Blog

Date Detected: 11/2022
Type:Breach
Attack Vector: Initial Access Broker
Motivation: Financial Gain
Blog: Blog

FAQ

SM Investments company demonstrates a stronger AI Cybersecurity Score compared to Deutsche Bank company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Deutsche Bank company has historically faced a number of disclosed cyber incidents, whereas SM Investments company has not reported any.

In the current year, Deutsche Bank company and SM Investments company have not reported any cyber incidents.

Neither Deutsche Bank company nor SM Investments company has reported experiencing a ransomware attack publicly.

Deutsche Bank company has disclosed at least one data breach, while SM Investments company has not reported such incidents publicly.

Neither Deutsche Bank company nor SM Investments company has reported experiencing targeted cyberattacks publicly.

Neither SM Investments company nor Deutsche Bank company has reported experiencing or disclosing vulnerabilities publicly.

Neither SM Investments nor Deutsche Bank holds any compliance certifications.

Neither company holds any compliance certifications.

Deutsche Bank company has more subsidiaries worldwide compared to SM Investments company.

Deutsche Bank company employs more people globally than SM Investments company, reflecting its scale as a Financial Services.

Neither SM Investments nor Deutsche Bank holds SOC 2 Type 1 certification.

Neither SM Investments nor Deutsche Bank holds SOC 2 Type 2 certification.

Neither SM Investments nor Deutsche Bank holds ISO 27001 certification.

Neither SM Investments nor Deutsche Bank holds PCI DSS certification.

Neither SM Investments nor Deutsche Bank holds HIPAA certification.

Neither SM Investments nor Deutsche Bank holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References