Qualys and Converge tie cyber risk data to insurance pricing

Qualys and Converge tied cyber risk management directly to cyber insurance pricing, turning security telemetry into something underwriters can use without chasing another spreadsheet. The joint offering, announced on May 5, 2026, lets organizations that can prove strong hygiene in Qualys Enterprise TruRisk Management potentially qualify for reduced cyber insurance premiums from Converge, although the companies did not disclose any discount formula or dollar amount.

The mechanics matter. Qualys said the Converge Connect Insurance Report captures verified evidence across vulnerability management, patch management and endpoint detection controls, then packages that posture in a standardized format Converge can assess quickly and accurately. The report is valid for 30 days, which makes it a near-current snapshot rather than an annual attestation that can drift out of date almost as soon as it is filed. That is a sharp break from the usual cyber insurance workflow, where static questionnaires and self-reported answers still do too much of the heavy lifting.

For cyber insurers, that shift could improve risk selection and pricing precision at a time when ransomware, data breaches and supply-chain incidents have made manual underwriting harder to trust. For buyers, it creates a direct financial payoff for better security operations: if the company can show patched systems, monitored endpoints and lower exposure, the insurer has a cleaner signal to price against. In practice, that is the real story here. The product is not just a data export. It is a bridge between day-to-day security operations and a line of business that has often relied on incomplete answers.

The deal also fits where Converge is in its own life cycle. Founded in 2021, the insurtech says it brings cyber risk coverage to broker partners across the U.S. through QBE, its capacity provider. Its broker materials already point to underwriting inputs such as risk scores, vulnerabilities detected by perimeter monitoring and leaked credentials found through dark web monitoring, so a standardized Qualys report slots neatly into a model that already leans on machine-readable risk signals.

Qualys Enterprise TruRisk Management, launched in October 2024, gives the partnership a concrete platform to build on. Qualys describes ETM as an AI-powered risk operations platform and cloud-based Risk Operations Center that aggregates asset, vulnerability and business-context data into a TruRisk score. That is exactly the kind of structured risk signal cyber insurance has been missing, and exactly why this deal is likely to get attention from both security teams and brokers.