Qualys and Converge have launched a joint offering aimed at reducing cyber insurance premiums for organisations that can demonstrate measurable cyber risk reduction using Qualys’ Enterprise TruRisk Management (ETM) platform.
The offering centres on the Qualys Converge Connect Insurance Report (CCIR), which the companies say is designed to streamline cyber insurance applications by replacing manual questionnaires with standardised data generated from a customer’s environment. Qualys said the report verifies controls such as vulnerability management, patch management and endpoint detection, providing information for Converge underwriters to assess.
The announcement positions the approach as a response to insurers’ difficulty in pricing cyber risk amid rising ransomware, data breach and supply chain incidents. It also targets what the companies describe as a key limitation of current application processes: reliance on time-consuming self-reporting that can be inconsistent or inaccurate.
According to Qualys, data from ETM feeds into the CCIR to reduce administrative effort and support ongoing assessment. The report is intended to include metrics such as remediation speed, compliance rates and asset coverage, and is designed to reflect an organisation’s security posture rather than industry averages. Qualys said the CCIR is generated live and is valid for 30 days.
“Cyber risk has historically been priced on snapshots and self-reported answers, leaving real exposure invisible between renewals,” said Tom Kang, CEO of Converge. “With verified data, we will be able to underwrite to a company’s live security posture and provide policyholders who do the hard work of reducing risk to see the benefits.”
“Cyber insurance is key to the overall risk management strategy, but there has to be an easier way to correlate the strength of an organisation’s cyber posture with what they should pay in insurance,” said Sumedh Thakar, president and CEO of Qualys. “That’s why we created ETM to provide stakeholders with an accurate picture of their true risk, enabling better business outcomes like cyber insurance savings, and a greater incentive to reduce their cyber risk.”
Qualys said the CCIR covers several products across its portfolio, including ETM, Vulnerability Management, Detection and Response (VMDR), TruRisk Eliminate, and Endpoint Detection and Response (EDR). The company said the CCIR is available now in ETM.
