ChannelLife UK - Industry insider news for technology resellers
United Kingdom
Qualys & Converge launch cyber insurance pricing tool
Ransomware Cybersecurity insurance MFA

Qualys & Converge launch cyber insurance pricing tool

Wed, 6th May 2026 (Today)
Joseph Gabriel Lagonsin
JOSEPH GABRIEL LAGONSIN News Editor

Qualys and Converge have launched a joint cyber insurance offering for Qualys customers, linking insurance pricing to verified cyber risk data from Qualys Enterprise TruRisk Management.

The offering is intended to help organisations that can demonstrate stronger security controls through Qualys data seek lower premiums from Converge. It also changes how applications are assessed, replacing parts of the traditional questionnaire process with a report generated from live operational data.

At the centre of the arrangement is the Qualys Converge Connect Insurance Report, or CCIR. Produced through Enterprise TruRisk Management, it presents information on vulnerability management, patch management and endpoint detection controls in a standardised format for Converge underwriters.

Cyber insurers are under growing pressure to assess risk more accurately as ransomware attacks, data breaches and supply chain incidents continue to hit businesses. Manual application forms remain common across the market, but they can produce inconsistent answers and rely heavily on applicants' self-reporting.

Automated data from the Qualys system feeds into the report to cut administration and reduce the risk of incorrect submissions. The report includes measures tied to risk reduction, remediation speed, compliance rates and asset coverage.

For underwriters, the shift means applicants can be assessed using current security information rather than a point-in-time declaration. The report is generated independently, live, and remains valid for 30 days.

Converge said the model could support more precise pricing because it reflects an organisation's security posture rather than broad industry assumptions. That could create a financial incentive for businesses to improve patching, expand coverage across assets and maintain stronger operational discipline between policy renewals.

Tom Kang, Chief Executive Officer of Converge, said the market has often lacked enough visibility into how risk changes during a policy term.

"Cyber risk has historically been priced on snapshots and self-reported answers, leaving real exposure invisible between renewals," Kang said.

"With verified data, we will be able to underwrite to a company's live security posture and provide policyholders who do the hard work of reducing risk to see the benefits," he said.

How it works

The CCIR covers several products in the Qualys portfolio, including Enterprise TruRisk Management, Vulnerability Management, Detection and Response, TruRisk Eliminate, and Endpoint Detection and Response. Drawing on those products, the report is intended to give underwriters a broader view of operational cyber hygiene across an applicant's environment.

That matters in a market where insurers are trying to refine cyber policy pricing while loss activity remains volatile. Better evidence of how a company handles vulnerabilities and endpoints could help narrow the gap between perceived and actual risk, although the final premium decision still rests with the insurer.

For customers, the immediate attraction is the possibility of lower insurance costs if they can show measurable risk reduction. The arrangement also offers a simpler application process by removing some of the burden of filling out detailed forms and assembling evidence manually.

Qualys framed the move as part of a broader risk management discussion inside organisations, where cyber insurance is increasingly considered alongside operational security controls rather than as a separate financial product. Stronger visibility into cyber posture, it argued, should make it easier to connect security practice with insurance outcomes.

Sumedh Thakar, President and Chief Executive Officer of Qualys, said the company built Enterprise TruRisk Management to help organisations understand and present their cyber exposure more clearly.

"Cyber insurance is key to the overall risk management strategy, but there has to be an easier way to correlate the strength of an organisation's cyber posture with what they should pay in insurance," Thakar said.

"That's why we created ETM to provide stakeholders with an accurate picture of their true risk, enabling better business outcomes like cyber insurance savings, and a greater incentive to reduce their cyber risk," he said.

Market backdrop

The launch reflects a wider shift in cyber insurance towards more data-led underwriting. Insurers and brokers are looking for better ways to evaluate exposure as attacks become more frequent and costly, while policyholders face tighter scrutiny over controls such as multi-factor authentication, endpoint protection and patching performance.

Qualys has more than 10,000 subscription customers worldwide, including many large multinational companies, giving the new offering a sizeable potential user base. Converge focuses on cyber risk management and underwriting, putting it in a position to test whether live technical data can be turned into a more consistent insurance assessment.

The Qualys Converge Connect Insurance Report is now available in Enterprise TruRisk Management, and each report is valid for 30 days.

Related stories
MSPs warned as cyber criminals weaponise trusted access
Silverfort & SentinelOne unite on AI identity security
UK firms urged to bolster cyber security after breaches
UK manufacturers hit by cyber attacks, survey finds
eScan wins AV-TEST award for enterprise protection
Top stories
Infoblox completes Axur takeover to boost threat defence
RecordPoint named in Forrester AI governance landscape
New Relic launches AI knowledge layer for IT incidents
LogicMonitor adds IBM watsonx & Red Hat to Edwin AI
Genetec urges tighter identity controls for security systems