Qualys and Converge link cyber premiums to real-time risk

Security and compliance company Qualys and cyber MGA Converge have introduced a joint offering that ties cyber insurance premiums to real-time security data, replacing traditional questionnaire-based underwriting with verified risk insights.

The product uses Qualys’ Enterprise TruRisk Management platform to generate a standardized Converge Connect Insurance Report, allowing underwriters to assess a company’s live security posture across areas like vulnerability management, patching, and endpoint protection. The report is updated continuously and valid for 30 days, giving insurers a more accurate view of risk compared to static, self-reported applications.

The approach is designed to streamline the application process, reduce administrative burden, and eliminate inaccurate disclosures. Companies that demonstrate strong cybersecurity practices can qualify for lower premiums, effectively linking pricing to measurable risk reduction instead of industry averages.

For insurers, the model introduces a shift toward continuous underwriting, while for businesses, it creates a financial incentive to maintain strong cyber hygiene.

“Cyber risk has historically been priced on snapshots and self-reported answers, leaving real exposure invisible between renewals. With verified data, we will be able to underwrite to a company’s live security posture and provide policyholders who do the hard work of reducing risk to see the benefits.” – Tom Kang, CEO of Converge Insurance

“Cyber insurance is key to the overall risk management strategy, but there has to be an easier way to correlate the strength of an organization’s cyber posture with what they should pay in insurance. That’s why we created ETM to provide stakeholders with an accurate picture of their true risk, enabling better business outcomes like cyber insurance savings, and a greater incentive to reduce their cyber risk.” – Sumedh Thakar, president and CEO of Qualys .