Qualys and Converge have launched a joint cyber insurance initiative designed to link insurance premiums directly to an organisation’s demonstrated cyber security posture.
The partnership combines Qualys’ Enterprise TruRisk Management platform with Converge’s underwriting operations, enabling organisations to provide insurers with continuously updated security telemetry rather than relying on traditional self-reported questionnaires and point-in-time assessments.
As a part of the deal, Qualys customers who can demonstrate strong cyber hygiene through metrics such as vulnerability management, patching performance, and endpoint security may qualify for reduced cyber insurance premiums.
The approach, according to the two companies, is designed to create a more objective model for cyber insurance pricing at a time when ransomware attacks, supply chain compromises, and data breaches continue to drive losses across the sector.
“Cyber risk has historically been priced on snapshots and self-reported answers, leaving real exposure invisible between renewals,” Tom Kang, CEO of Converge, said in a statement.
“With verified data, we will be able to underwrite to a company’s live security posture and provide policyholders who do the hard work of reducing risk to see the benefits.”
The initiative centres on the new Qualys Converge Connect Insurance Report, or CCIR, which automatically aggregates security data from the Qualys platform into a standardised reporting format for insurers. The report provides visibility into remediation speed, compliance performance, asset coverage and exposure management, allowing underwriters to evaluate risk based on live operational data rather than static annual reviews.
Qualys said the automated reporting model also reduces administrative overhead for customers by eliminating manual insurance questionnaires and minimising the risk of inaccurate or incomplete reporting.
“Cyber insurance is key to the overall risk management strategy, but there has to be an easier way to correlate the strength of an organisation’s cyber posture with what they should pay in insurance,” Sumedh Thakar (pictured), president and CEO of Qualys, said.
“That’s why we created ETM to provide stakeholders with an accurate picture of their true risk, enabling better business outcomes like cyber insurance savings, and a greater incentive to reduce their cyber risk.”
The CCIR will incorporate telemetry from multiple Qualys products, including Qualys VMDR, Qualys TruRisk Eliminate and Qualys EDR. Reports will be generated live and remain valid for 30 days.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.