The Explain Feature

Every validation group in the CIPScore detail view has an Explain button. Click it to open a side panel with an AI-generated briefing: what was found, why it matters for insurability, how to fix it, and how your services connect to the solution.

Tip: Explain is the best way to understand scan results
Whenever you want to understand what an insurability validation means, how it affects your client's posture, or what to do about it, use the Explain button directly on that validation. Each briefing is generated from your client's actual data and is always up to date with their latest scan. Explain gives you the full context: the technical meaning, the insurability impact, real-world incident references, step-by-step remediation, and how your own services connect to the solution.

Note: Every Explain is unique
Explain content is not a static template. Inscora's trained LLM generates each section live, based on the specific scan results for that client and that validation. Two clients with different results for the same check will get different content.

How to Use Explain

Navigate to any CIPScore category detail page (for example, Email & Web Protection or Access & Protocol Hardening). Each validation group - such as "Insecure Remote Access Technologies not in use" - has an Explain button next to its name. Click it to open the Explain panel on the right side of the screen.

Figure: The Explain panel, open on the right side of the screen, showing the How to Fix It remediation steps and the How Your Service Provider Can Help section with matched services from the Service Provider's catalog, generated from the specific scan results.

What's Inside the Explain Panel

The panel walks through several sections, starting with what was found and going all the way to who can help fix it.

Category Details

The header shows which CIPScore category you're in and a severity summary (e.g. 49 Valid, 1 Critical), so you know the big picture before reading further.

What Is the Validation?

A plain-language explanation of what this validation checks, written so that both a security engineer and a business owner can follow it. For a reference of all validations, see the individual category pages (Email & Web Protection, Access & Protocol Hardening, Vulnerability & Patch Management, End-of-Life Asset Management, Data & Backup Security).

Why Is This Important?

Explains why this validation matters for cyber insurability specifically, not just cybersecurity in general. It connects the technical check to what insurers look at when underwriting.

Summary of Detections

A breakdown of what the scan found for this client, grouped by severity. Inscora does both positive and negative validation, so this section doesn't just flag problems; it also confirms what's working. You might see entries like:

| Severity | What it means here |
| --- | --- |
| 🔴 Critical | A significant issue was found, e.g. an exposed RDP service on a specific host and port. |
| 🟢 Valid | The check passed. The expected control is in place or the insecure service was not detected. |

You get the full picture: not just what's wrong, but also what's right.

Impact if Not Addressed

This is where Inscora's insurability expertise shows. Instead of a generic warning, this section frames the validation result in terms of its real consequences:

| Perspective | Example |
| --- | --- |
| Risk profile | How this gap increases the likelihood or severity of a breach. |
| Insurance premiums & coverage | How unaddressed issues may lead to higher premiums, stricter terms, or coverage limitations. |
| Denial of coverage | Whether persistent exposure could be viewed as a lack of basic cyber hygiene, potentially leading to a refusal to underwrite. |

This framing is useful when talking to clients who don't respond to technical risk language but do understand financial and business implications.

Cyber Incidents References

Inscora links each validation to real-world cyber incidents that exploited a similar weakness. These are not generic examples; the LLM picks incidents relevant to the specific exposure detected for this client. Each reference includes a short description and a link to a public source.

This helps your client see that the risk is not theoretical. These are real attacks that hit real organizations through the same kind of gap.

How to Fix It

Numbered remediation steps, specific to the validation result. This section serves as a shared reference for both the Service Provider and the client: what needs to happen, whether it's straightforward (disable an unused service) or involved (redesign remote access architecture).

How Your Service Provider Can Help

Inscora matches the validation result to relevant services from your own service catalog, so the recommendations are tied to services you actually offer, not generic advice.

For example, if the scan detected an exposed RDP service, this section might surface your Advisory Services, Managed Firewall, or Perimeter Pentesting, each with a short explanation of how that service addresses the gap.

Tip: Connecting scan results to your services
This section is powered by your service catalog. Inscora reads the services and capabilities you've described and connects them to each validation result. Every Explain briefing positions your services in the context of a real, evidenced client need, which makes it easy to have productive conversations about next steps.

Note: Service catalog setup
To get the most out of this feature, make sure your service catalog is uploaded and up to date in your organization settings. The richer your catalog descriptions, the more precisely Inscora can match your services to client scan results.

References

Links to external resources (technical docs, best-practice guides, standards references) related to the technologies or protocols mentioned. Useful for sharing with technical staff who want implementation details.

Terms Explained

A glossary at the bottom of the panel defining the technical terms, acronyms, and protocols used in the briefing. Your client's CFO doesn't need to Google "NLA" or "DKIM" to follow along.

Two Types of Explain

The Explain feature exists in two forms within Inscora:

| Type | Where | Based on |
| --- | --- | --- |
| Scan validation Explain | CIPScore category detail pages | Perimeter scan results (the insurability validations from the automated scan). |
| Questionnaire Explain | Cyber insurability assessment | Client responses to assessment questions (self-reported state of internal controls). |

Both use Inscora's trained LLM, but for different purposes: the scan Explain interprets what Inscora detected from the outside, while the questionnaire Explain interprets what the client reported from the inside. Together, they build the full picture.
