Qualys has partnered with Converge to introduce a joint cyber insurance offering designed to reward organizations that demonstrate strong cybersecurity hygiene through measurable risk reduction.
The collaboration enables customers using Enterprise TruRisk Management (ETM) to potentially qualify for reduced cyber insurance premiums by providing insurers with verified, real-time security posture data.
The initiative addresses long-standing challenges in cyber insurance underwriting, where insurers often rely on manual questionnaires and self-reported information that can be inconsistent or outdated. Through the new Qualys Converge Connect Insurance Report (CCIR), organizations can automatically share validated security metrics covering vulnerability management, patching performance, endpoint detection controls, and remediation effectiveness.
“With verified data, we will be able to underwrite to a company’s live security posture.” — Tom Kang, CEO, Converge
According to the companies, the CCIR enables underwriters to assess cyber risk more accurately using live operational data instead of static annual assessments. This allows premiums to better reflect an organization’s actual security posture and ongoing cyber hygiene efforts.
Tom Kang, CEO of Converge, said the partnership introduces a more data-driven underwriting model that allows insurers to evaluate “live security posture” rather than relying on periodic snapshots and self-reported answers.
“ETM provides stakeholders with an accurate picture of their true cyber risk.” — Sumedh Thakar, President and CEO, Qualys
Sumedh Thakar, President and CEO of Qualys, said cyber insurance is becoming a critical part of enterprise risk management strategies, but organizations need clearer alignment between their security investments and insurance costs. He noted that ETM was designed to provide a more accurate assessment of enterprise cyber risk while helping customers achieve business outcomes such as insurance savings.
The automated reporting process also aims to reduce administrative burden and eliminate inaccuracies associated with manual insurance applications. The report includes measurable indicators such as remediation velocity, compliance rates, asset coverage, and security control effectiveness.
The CCIR integrates data from multiple Qualys solutions, including Qualys VMDR, TruRisk Eliminate, and Endpoint Detection and Response.
The offering is now available through ETM, with reports remaining valid for 30 days.
