Qualys and Converge have introduced a joint offering designed to reward organisations with proven cybersecurity compliance. The initiative enables Qualys customers using Enterprise TruRisk Management to potentially secure lower cyber insurance premiums through demonstrated risk reduction and strong security practices.
Traditional cyber insurers struggle to price and assess risk accurately against the backdrop of increasing ransomware attacks, data breaches, and supply chain incidents. Current cyber insurance applications rely on manual questionnaires, a process that is time-consuming, inconsistent, and easy to get wrong. The Qualys Converge Connect Insurance Report (CCIR) generated by ETM allows a company’s data to speak for itself, verifying vulnerability management, patch management, and endpoint detection controls in a standardized format that Converge underwriters can evaluate quickly and accurately. By providing underwriters with accurate insights into an organization’s security posture in real time, the Qualys CCIR results in a more objective and precise premium that reflects real risk levels rather than industry averages.
Automated data from Qualys ETM feeds into the CCIR, saving time, reducing administrative burden, and eliminating the risk of inaccurate self-reporting. The report will include metrics that showcase measurable risk reduction, faster remediation velocity, higher compliance rates, and expanded asset coverage. It reduces friction and streamlines the cyber insurance application process, while giving organizations an ongoing incentive for improving their cyber hygiene.
“Cyber risk has historically been priced on snapshots and self-reported answers, leaving real exposure invisible between renewals,” said Tom Kang, CEO of Converge. “With verified data, we will be able to underwrite to a company’s live security posture and provide policyholders who do the hard work of reducing risk to see the benefits.”
“Cyber insurance is key to the overall risk management strategy, but there has to be an easier way to correlate the strength of an organization’s cyber posture with what they should pay in insurance,” said Sumedh Thakar, president and CEO of Qualys. “That’s why we created ETM to provide stakeholders with an accurate picture of their true risk, enabling better business outcomes like cyber insurance savings, and a greater incentive to reduce their cyber risk.”
The Qualys CCIR will cover a range of solutions across the Qualys portfolio, including ETM, Vulnerability Management, Detection and Response (VMDR), TruRisk Eliminate, and Endpoint Detection and Response (EDR). The report, independently generated live, will be valid for 30 days.
