Cloudflare and Mastercard have entered into a strategic partnership to develop tools that help small businesses, critical infrastructure, and governments protect themselves from pressing cyber threats without putting the brakes on innovation.
The collaboration will combine attack surface monitoring capabilities from Mastercard’s Recorded Future and RiskRecon with Cloudflare’s Application Security portfolio. This unified solution is designed to allow millions of organisations to map, prioritise, and automate the swift remediation of hidden risks across their internet-facing environments.
Addressing the expanding attack surface
As emerging technologies allow organisations to innovate at speed, the rapid layering of new vendors, outsourced services, legacy systems, and “shadow IT” into business environments causes the digital attack surface to expand. Often, this expansion happens without an organisation’s knowledge, leaving security teams in the dark and creating a visibility gap that threat actors can exploit.
Stephanie Cohen, chief strategy officer at Cloudflare, highlighted the severity of this issue for smaller, resource-constrained entities: “For small businesses, critical infrastructure, and governments, a cyberattack is more than a technical hurdle. It is an existential threat. Often considered ‘target rich but resource poor,’ these organizations are strategic targets and are often attacked at a greater rate than global enterprise or Fortune 500 organizations.”
A unified approach to cyber defence
To help these underserved organisations protect critical information while maintaining their pace of innovation, the partnership focuses on three core capabilities:
- Eliminating blind spots: Users will be able to monitor their digital presence by discovering any internet-facing domains or software stacks running on the web through Recorded Future. Once unprotected assets are identified, organisations can immediately extend Cloudflare’s Application Security Portfolio to secure them.
- Providing real-time cyber posture views: Companies will gain access to a continuously updated view of their cyber posture, including an “A–F” graded security rating. This grade is based on checks across software vulnerabilities, authentication weaknesses, exposed infrastructure, and third-party risks. Findings will appear in Cloudflare’s Security Insights dashboard, prioritised by the asset’s criticality and severity.
- Translating insights into actionable protection: Organisations will have the ability to directly enable security controls—such as a web application firewall (WAF), encryption, or automated defences—to mitigate identified risks straight through the Cloudflare dashboard.
Securing the global economy
The initiative also underscores the broader economic and societal implications of cyber resilience. Johan Gerber, global head of security solutions at Mastercard, noted: “With small businesses accounting for about half of the world’s GDP, closing the resilience gap is critical to securing the foundation of our global economy.”
Furthermore, the protection of critical infrastructure requires extensive cross-sector cooperation. Dan Cimpean, director of the Romanian National Cyber Security Directorate, reinforced this point: “As society and global economies increasingly rely on digital networks, we must combine our efforts across the public and private sectors, across nations and international organizations, to build resilience and prevent cyber incidents. The protection of critical infrastructure is and must be a joint effort.”