Kaspersky has today released Protection beyond detection: Why trust and transparency decide your cybersecurity future, a new whitepaper based on an independent transparency and accountability assessment of 14 leading cybersecurity vendors. Kaspersky emerged as one of the most transparent vendors assessed, consistently exceeding industry norms across data handling, supply chain trust and customer verification capabilities.
The independent study*, Transparency Review and Accountability
in Cyber Security, on which the new Kaspersky whitepaper is based, was
commissioned by the Tyrol Chamber of Commerce (WKO) and conducted by MCI | The
Entrepreneurial School® and legal experts in cooperation with AV-Comparatives. The
research evaluates vendors against a wide range of transparency and
accountability criteria and finds that while baseline compliance is widespread,
many verifiable trust practices remain rare across the industry.
The assessment has revealed the following key differentiators: Kaspersky was one of only three of the 14 vendors evaluated to provide their customers with access to Transparency Centers where source code, data handling practices, and update processes can be independently reviewed. Of these, Kaspersky stands out with the broadest Transparency Center offering, including threat detection rule examination and a verification check to confirm builds match public releases. As part of its Global Transparency Initiative, Kaspersky opened more than 10 such facilities globally, offering multiple review options for enterprise and government stakeholders.
Kaspersky is also among only three vendors to provide access to a Software Bill of Materials (SBOM), and one of just four to publish regular transparency reports detailing requests from law enforcement and government agencies, highlighting a significant gap between stated commitments and practical accountability across the industry.
Kaspersky excels among low adopted practices
Across the 60 criteria assessed, Kaspersky met or exceeded industry benchmarks in 57 categories, the highest result among the vendors reviewed. In addition, Kaspersky was one of just three vendors to meet all the security posture criteria analyzed, including vulnerability reporting, security advisories, collaboration and commitment to the ‘Safe Harbor’ statement, security audit results and secure Software Development Life Cycle (SDLC) processes. These criteria are described in the report as ‘key indicators of trustworthiness and long-term resilience.’
The assessment also included a hands-on technical analysis of cybersecurity products. Kaspersky Next EDR Optimum demonstrated minimal data collection in testing and was recognized for providing customers with the ability to disable cloud-based reputation services and EDR functionality entirely.
The assessment also found that customer control over product updates varies significantly between vendors. While nearly all vendors publish public update histories, only eight support staged update rollouts, and only six, including Kaspersky, allow customers to inspect virus definitions. These capabilities can be critical for organizations operating in regulated or sensitive environments where change management and verification are required.
Commenting on the research, Eugene Kaspersky, founder and CEO of Kaspersky, said that, in order to be credible, transparency must be demonstrable. “Cybersecurity solutions run deep inside our customers’ systems, so being accountable really matters,” he explained. “When independent experts review our work, transparency becomes something you can measure – not just take on faith. We give organizations concrete evidence they can use to decide whom to trust, while at the same time encouraging higher standards across the entire cybersecurity industry.”
Endpoint detection and response platforms process telemetry, manage automated updates, and rely on cloud-based services to deliver protection. As a result, transparency and accountability are now closely linked to governance, compliance, and supply chain risk rather than being viewed solely as technical attributes.
Transparency is a key determinant
The report concludes that for CISOs and enterprise stakeholders, transparency should be a key evaluation criterion in vendor selection. Vendors that combine strong protection with structured transparency, such as SBOM availability, verifiable update processes, published audit results, and customer-controlled data flows, offer enterprises a higher level of assurance.
At an industry level, the research reflects a broader shift toward accountability-driven cybersecurity governance. Regulatory initiatives increasingly emphasize traceability, secure development, and post-market transparency, signaling that practices identified as low adoption today may soon become baseline expectations. Independent assessments provide a benchmark for both vendors and customers as these expectations evolve.
To help CISOs ensure sound third-party risk management, Kaspersky has included an actionable checklist for CISOs in the whitepaper by following which they can evaluate trustworthiness of their software providers and strengthen resilience of their supply chain.
The full report, Transparency Review and Accountability in Cybersecurity, is available here.
* "Transparency Review and Accountability in Cybersecurity," 2025 edition, commissioned by WKO (Tyrol Chamber of Commerce) and conducted by AV-Comparatives, MCI | The Entrepreneurial School®, and Studio Legale Tremolada.
