UpGuard Blog

Cyber Resilience Challenge: Coke vs Pepsi

Written by UpGuard | Mar 7, 2017 2:24:15 PM


Few corporate rivalries are as legendary as these two enterprise contenders; admittedly, there have been more than a fair share of comparisons pitting the pair against each other over the last century. So we're offering a twist to the traditional cola challenge: how do Pepsi and Coke stack up in terms of cyber resilience? Read more to find out. 

Like many dominant brands, Pepsi and Coke are also comprised of a myriad of popular offerings that span the globe. For example, Coca-Cola also owns Sprite, Fanta, DASANI, and Minute Maid; similarly, PepsiCo owns Mountain Dew, Gatorade, Aquafina, and Lipton, to name a few. Keep in mind that each has its own website with varying levels of cyber resilience; for this comparison, we'll focus solely on the flagship brands, Coke and Pepsi.


As they undergo digital transformation to provide more diverse, competitively-priced products and services, Coke and Pepsi—as well as other global enterprises—have also assumed varying amounts of digital risk. What do their CSTAR scores reveal about their cyber resilience postures and security fitness?



Coca-Cola's most recent security incident in 2014 involved a data breach of 74,000 employee records—employee social security numbers, driver's license numbers, financial data, and other information were exposed after a disgruntled employee stole dozens of laptops. 

Coke's low CSTAR score of 428 is a result of a myriad of flaws present in its website perimeter security, namely lack of sitewide SSL, lack of HTTP strict transport security, server information leakage, and disabled DMARC/DNSSEC.



Pepsi made cybersecurity news headlines back in 2008 when a missing storage device resulted in the exposure of employee data. Since then, however, the company has managed to steer clear of major cybersecurity incidents.

Like Coke, Pepsi's low 475 CSTAR score reflects several critical security gaps in its website security posture, including lack of sitewide SSL, disabled HTTP strict transport security, and missing DMARC/DNSSEC/SPF.


Side-by-Side CSTAR Scoring: Coke vs. Pepsi

When it comes to enterprise cyber resilience, the world's two largest beverage vendors suffer from similar website perimeter security issues, such as lack of DMARC/DNSSEC and missing HTTP strict transport security. A lack of sitewide SSL on both companies' websites could lead to a man-in-the-middle (MiTM) attack.




Curious about how well your favorite brands perform when it comes to critical measures of cyber resilience and security fitness? Try out our free CSTAR Chrome Extension or sign up for an in-depth customized demo of UpGuard's cyber resilience platform today.

