Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cyber Insurance (Explore)

by Carole Fennelly
February 16, 2023

Cyber Insurance T.IO Report Screenshot

The Tenable Cyber Insurance Report provides measurements for the foundation of a cyber risk management program for organizations and is intended to be submitted on a voluntary basis to a cyber insurance provider as part of the underwriting process. Organizations are required to provide underwriters supporting evidence data that demonstrates the strength of their cybersecurity and risk management programs. Tenable.io provides organizations the ability to demonstrate risk management maturity with insurance companies. Insurance companies that issue cyber insurance policies have varying questionnaires and rating services that may not provide a complete picture of the organization’s cyber risk. The data provided in this report helps facilitate risk analysis based on vulnerabilities discovered using the Tenable vulnerability management platform, which provides information about the organization’s cyber risk exposure.

Organizations must know the existence and location of critical assets to ensure that assets are monitored and protected based on the business risk rating of each asset. Identifying assets facilitates vulnerability scanning and remediation by ensuring that scans are configured to probe for common weaknesses in the platform or application.

Risk Treatment is a strategy to appropriately manage threats to maximize profit and minimize financial loss. Cyber risk is associated with a level of severity of identified vulnerabilities that could potentially cause financial loss to the organization. Severity can be adjusted by accepting risk or adjusting vulnerability severity levels. This report has been configured to only report statistics on vulnerabilities and assets detected during the last 180 days. The report also takes a static approach by using the CVSSv3 Base Score to measure severity. The CVSS Base Score is divided into severity levels, 0 for Informational, 0.1-3.9 for Low, 4.0-6.9 for Medium, 7.0 to 9.9 for High, and 10 for Critical. These severity levels are used throughout this report.

The Cyber Insurance Report has read-only widgets that cannot be modified by Tenable.io users that provide underwriters insight into an organization's cyber risk posture. This report benefits both insurers and applicants seeking to demonstrate proactive risk reduction actions. Tenable.io users are not able to modify the report by adding additional filters using Tags or Custom Assets. This report displays all assets discovered using the sources Nessus, Nessus Agent, or Nessus Network Monitor (NNM).

Please Note: Tenable is phasing the rollout of the Cyber Insurance Report across Tenable.io and Tenable One customers to best support users and mitigate any potential issues. Throughout 1H 2023, Tenable will continue to release these to customers. For more complex rollouts, account managers will be in touch to spearhead the process.

Chapters

Discovery and Assessment – Organizations need to identify the existence and location of critical assets to ensure that said assets are monitored and protected based on the business risk rating of each asset. The widgets in this section provide details on the discovery and assessment of assets that demonstrate that the assets are monitored and protected based on the business risk rating of each asset.

Risk Prioritization – This section displays risk by Asset Criticality Rating, Common Vulnerability Scoring System (CVSS), exploitability by Attack Vector and Framework. Asset Criticality Rating (ACR) establishes the priority of each asset based on indicators of business value and criticality. ACR is based on several key metrics such as business purpose, asset type, location, connectivity, capabilities and third- party data.

Vulnerability Management – The information in this section describes risks associated with vulnerabilities that are included in exploit frameworks.  Exploitability data for various exploit frameworks, including attack vectors, are leverage to communicate the current state of risk mitigation efforts.

SLAs and Remediation – Service Level Agreements (SLAs) often change from one organization to the next, however meeting SLAs is a common issue among organizations. SLAs define an expected level of service by which measurements, metrics, or penalties can be established. An SLA is a critical component of a vulnerability management program. Reviewing mitigated vulnerabilities and the mitigation time-frame provides valuable information to the organization on the success of the risk remediation program, ensuring alignment with technology or business objectives. 

Category

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training