Cloudflare and Mastercard Partner to Extend Comprehensive Cyber Defense Across Critical Infrastructure and Small Businesses

Rhea-AI Impact

(Neutral)

Rhea-AI Sentiment

(Neutral)

Key Terms

attack surface monitoring technical

Attack surface monitoring is the ongoing scanning and tracking of all digital entry points—websites, cloud services, employee devices, and exposed code—that could let hackers in. Think of it like checking every door, window and hidden crawlspace of a house and watching for new openings. For investors, it matters because a larger or poorly tracked attack surface increases the chance of costly breaches, downtime, regulatory fines, and damage to reputation, all of which can hurt a company’s value.

attack surface technical

The attack surface is the collection of points where a company's digital systems, devices, or networks can be accessed, misused, or breached — think of it as the number of doors and windows a thief could try. A larger or more complex attack surface raises the chance of a costly security breach, which can lead to direct losses, regulatory fines, and damage to customer trust and the company's stock value, so investors watch it as a measure of operational and cybersecurity risk.

critical infrastructure technical

Critical infrastructure are the essential systems and facilities—such as power grids, water supply, telecommunications, transportation networks, financial systems and healthcare services—that society and the economy rely on to function. For investors, these assets matter because damage, outages or regulation affecting them can abruptly disrupt business operations, revenue and market value; conversely, their stable, mission-critical nature often attracts steady demand, government support or long-term contracts, reducing risk much like a solid foundation supports a house.

web application firewall technical

A web application firewall is a security tool that watches and filters traffic between the internet and a website or online service, blocking malicious requests that try to steal data, disrupt service, or exploit weaknesses — like a security guard checking visitors before they enter a building. For investors, it matters because effective protection lowers the risk of costly data breaches, outages, fines and reputational damage, which can preserve revenue and company value, while purchases or upgrades reflect spending on operational risk management.

encryption technical

Encryption is a way of locking digital information so only someone with the correct electronic key can read it, like putting a message into a sealed, coded envelope. For investors it matters because strong encryption helps protect customer data, trade secrets and financial records from theft or tampering, supports legal and regulatory compliance, and preserves a company’s reputation and value by reducing the risk of costly breaches.

authentication weaknesses technical

Authentication weaknesses are flaws in the ways a system checks who is allowed access — like a lock with a predictable key or a door that sometimes opens without the right code. For investors, these weaknesses matter because they can lead to data breaches, operational outages, regulatory fines or loss of customer trust, any of which can harm revenue, increase costs, and damage a company’s stock value.

third-party risks technical

Third-party risks are the potential losses or disruptions a company may face because of actions, failures or problems at other organizations it depends on, such as suppliers, service providers, contractors or partners. For investors, these risks matter because a supplier breakdown, data breach at a vendor or a partner’s legal trouble can slow revenue, raise costs or hurt reputation — like a car’s performance being limited by a faulty tire made by another company.

02/17/2026 - 08:00 AM

Combined security offerings will uncover hidden risks, assess security posture, and automate defenses for all web-facing assets

SAN FRANCISCO & PURCHASE, N.Y.--(BUSINESS WIRE)-- Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, and Mastercard Incorporated (NYSE: MA) today announced a strategic partnership with the intent to develop tools to help small businesses, critical infrastructure, and governments protect themselves from today’s most pressing cyber threats without putting the brakes on innovation.

Attack surface monitoring capabilities from Mastercard’s Recorded Future and RiskRecon, paired with Cloudflare’s Application Security portfolio, will be designed to allow millions of organizations to defend against the risks posed by an increasingly interconnected digital world. From one unified solution, users will gain the ability to map, prioritize, and automate swift remediation of hidden risks across their internet-facing environments.

Emerging technologies and tools pose opportunities for organizations to innovate at speed and find creative ways to scale their businesses. But as new vendors, outsourced services, shadow IT, and legacy systems are layered into business environments, the attack surface becomes unknown, and security teams are often left in the dark. This presents a potential visibility gap that could allow threat actors to gain the upper hand. Organizations now require cyber defense that allows them to innovate as fast as they want, with the necessary safeguards in place to protect critical information.

"Improving critical infrastructure cybersecurity and reducing cyber risk is an ongoing, challenging mission," said Dan Cimpean, Director of the Romanian National Cyber Security Directorate. “As society and global economies increasingly rely on digital networks, we must combine our efforts across the public and private sectors, across nations and international organizations, to build resilience and prevent cyber incidents. The protection of critical infrastructure is and must be a joint effort."

Cloudflare and Mastercard intend to help protect small businesses, critical infrastructure, and governments by:

Eliminating blind spots: Users will be able to monitor their digital presence by discovering any internet-facing domains or software stacks running on the web through Recorded Future. When unprotected assets are identified, organizations will be able to immediately extend Cloudflare’s Application Security Portfolio to secure these shadow assets.
Providing real-time, accurate views of cyber posture: Companies will have access to a comprehensive, continuously updated view of their cyber posture powered by Recorded Future. This includes an “A–F” graded security rating based on several checks for security controls across software vulnerabilities, authentication weaknesses, exposed infrastructure, and third-party risks. These findings will appear in Cloudflare’s Security Insights dashboard, prioritized by the asset’s criticality, with added context on severity.
Translating risk insights into actionable protection: Organizations will have the ability to enable security controls – such as a web application firewall, encryption, or automated defenses – to mitigate identified risks through the Cloudflare dashboard.

“For small businesses, critical infrastructure, and governments, a cyberattack is more than a technical hurdle. It is an existential threat. Often considered ‘target rich but resource poor,’ these organizations are strategic targets and are often attacked at a greater rate than global enterprise or Fortune 500 organizations,” said Stephanie Cohen, chief strategy officer at Cloudflare. “This partnership brings together the best in cyber defense so that these underserved organizations don’t fall victim to the growing number of cyberattacks.”

“With small businesses accounting for about half of the world’s GDP, closing the resilience gap is critical to securing the foundation of our global economy,” said Johan Gerber, global head of Security Solutions at Mastercard. “Our collaboration with Cloudflare propels our mission to secure the digital ecosystem in partnership with governments and other key players, empowering businesses to focus on what matters most: their productivity and growth.”

To learn more about the Mastercard and Cloudflare offerings, please visit:

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations—from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a resilient economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare’s Application Security portfolio and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using Cloudflare’s Application Security portfolio and Cloudflare’s other products and technology, Cloudflare’s partnership with Mastercard and the potential resulting benefits to Cloudflare customers, the potential opportunity for Cloudflare to attract additional customers and to expand sales to existing customers through Cloudflare’s partnership with Mastercard, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s Chief Strategy Officer and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on October 30, 2025, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

©2026 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.