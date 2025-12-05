Independent TRACS 2025 Study Highlights Transparency and Data Practices in Leading Cybersecurity Products

Independent TRACS 2025 study evaluates cybersecurity vendors’ transparency, compliance, and data practices across 14 enterprise solutions.

INNSBRUCK, AUSTRIA, December 5, 2025 /EINPresswire.com/ -- The Tyrol Chamber of Commerce (WKO), in collaboration with MCI | The Entrepreneurial School® and AV-Comparatives, has released the Transparency Review and Accountability in Cyber Security (TRACS) 2025, a comprehensive independent study examining how major cybersecurity vendors disclose data practices, implement compliance measures, and communicate transparency to their customers. The report aims to support enterprises, public institutions, and SMEs in making informed, evidence-based decisions when selecting cybersecurity solutions.

The study evaluates 14 widely used enterprise cybersecurity products. It combines a legal review of agreements and publicly available vendor information with a technical assessment of network traffic generated by installed security solutions.

Key Findings
The study identifies the differences across vendors in how they communicate transparency and data-handling policies. All solutions are closed-source, and while many confirm the use of third-party or open-source components, disclosures differ in depth and structure. A small number of vendors operate transparency centres that offer controlled inspection of source code and documentation.

All vendors confirm compliance with the EU GDPR, and most with the US CCPA. None yet claim compliance with the upcoming EU Cyber Resilience Act, which is expected due to the regulation’s phased introduction. ISO/IEC 27001 and SOC 2 Type II certifications are commonly observed, though certification scopes vary and often require closer examination.
From a security posture perspective, all vendors offer vulnerability-reporting mechanisms, and several operate bug bounty programs. However, public disclosure of security advisories, incident-response details, and audit results remains inconsistent. Only a few vendors publish transparency reports detailing law enforcement data requests.
The technical analysis found that all evaluated products transmit some combination of device, network, environmental, or user-related metadata. Depending on configuration, some solutions also transmit usernames, hostnames, installed applications, and file names or hashes. A limited number of products were observed transmitting benign file contents under certain conditions. All vendors provide options to configure telemetry, file submission, and reputation services, though the clarity and granularity of these settings differ significantly.

Implications for Organizations
The findings underscore the growing importance of transparency as a key procurement criterion. The study recommends that organizations verify certifications and compliance claims through official documentation rather than marketing statements; request SBOMs where available; examine incident-response obligations and Safe Harbor commitments; and carefully review telemetry, sample-submission, and privacy-related settings before deployment.
Enterprises operating in regulated or privacy-sensitive environments are advised to confirm offline capabilities, review data-retention policies, and validate data-centre locations to ensure compliance with internal and regulatory requirements.

Call to Action
Organizations seeking to strengthen their cybersecurity governance, compliance posture, and vendor risk management are encouraged to review the full TRACS 2025 report. The complete study provides detailed insights, data tables, and vendor-specific observations that can support more transparent and informed decision-making.
Read the full report for all findings and recommendations here.

Thomas Uhlemann
AV-Comparatives GmbH
+43 512 28778813
press@av-comparatives.org
Visit us on social media:
LinkedIn
Facebook
X

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

You just read:

Independent TRACS 2025 Study Highlights Transparency and Data Practices in Leading Cybersecurity Products

Distribution channels: Banking, Finance & Investment Industry, Business & Economy, Companies, Energy Industry, IT Industry


EIN Presswire's priority is author transparency. We do our best to weed out false and misleading content. The content above is the sole responsibility of the author who makes it available. If you have any complaints, kindly contact the author above.

Contact
Thomas Uhlemann
AV-Comparatives GmbH
+43 512 28778813 press@av-comparatives.org
Company/Organization
AV-Comparatives
Grabenweg 68
Innsbruck, 6020
Austria
+43 512 287788
Visit Website
Visit Newsroom
About

AV-Comparatives is the globally recognised, ISO 9001:2015-certified authority in independent cybersecurity testing. Founded in 1999 as a research initiative at the University of Innsbruck, AV-Comparatives has evolved into the world’s leading testing lab for cybersecurity solutions. From its origins investigating antivirus performance, the organisation now evaluates the entire cybersecurity landscape, including endpoint protection, EDR/XDR platforms, mobile and Mac security, anti-phishing, VPNs , parental controls, and cutting-edge operational technology (OT) defences. AV-Comparatives harnesses cutting-edge threat intelligence to conduct rigorous, real-world testing that mirrors the evolving global threat landscape. Our scientifically grounded methodology ensures the highest levels of accuracy, transparency, and impartiality. Each test is designed to evaluate whether cybersecurity products deliver on their promises, empowering consumers, enterprises, and critical infrastructure providers to make informed, data-driven security decisions. Results are freely accessible to the public, including private users, news organisations, and academic institutions. Certification from AV-Comparatives is regarded globally as an independent seal of excellence, trusted by vendors, IT professionals, and analysts alike. With a commitment to innovation and continuous improvement, AV-Comparatives remains at the forefront of cybersecurity assurance across IT, IoT, and OT domains. As the cybersecurity industry evolves, we continue to uphold our core values. Certification by AV-Comparatives provides an official seal of approval for software performance, which is globally recognised. The story of AV-Comparatives began the way it does, with so many computer users, namely with a virus infection. In 1993, Andreas Clementi was hit by a computer virus: the “November 17 virus – NOV_17.855”. This awakened his interest. Andreas was not satisfied with the sometimes very contradictory tests of antivirus programs in computer magazines, and so began the intensive investigation of malware and antivirus software, which continues to this day. In 1999, he founded AV-Comparatives as a student project at the University of Innsbruck. This was done purely out of technical interest, to see how good the products of different manufacturers actually are. The response was enormous, as the manufacturers of antivirus software became aware of the duo in Innsbruck and wanted to take part in the tests. AV-Comparatives Where Cybersecurity Meets Trust Unbiased. Transparent. Trusted.

AV-Comparatives

More From This Author
Independent TRACS 2025 Study Highlights Transparency and Data Practices in Leading Cybersecurity Products
AV-Comparatives Publishes 2025 Phishing Protection Results: Avast, ESET & Norton Best Against Phishing Attacks
AV-Comparatives Publishes Consumer Antivirus Tests: Which Cybersecurity Software Keeps You Safe Without Slowing You Down
View All Stories From This Author