Vulnerability & Patch Management
The Vulnerability & Patch Management category checks for known vulnerabilities in internet-facing systems and evaluates patching cadence. Timely patching, especially for critical and high-severity vulnerabilities, is a fundamental control that insurers assess. Organisations with disciplined, measurable patching processes demonstrate significantly lower risk profiles.
This category is assessed from the perimeter scan. Below is the validation Inscora performs within this category.
Known Vulnerability Detection
Non-Critical Vulnerabilities Detected
This validation checks whether the host is running software that has been publicly reported as vulnerable (with records dating back to 2008). It places any discovered weaknesses into low, medium or high-criticality groups and notes a clean bill of health when no such weaknesses are found.
Why this matters for insurability
The presence or absence of these known weaknesses shows how promptly the organisation applies security updates, which in turn influences the likelihood that attackers could gain unauthorised access, disrupt operations or steal information. An insurer relies on this insight to gauge the probability and potential impact of a cyber incident and to set appropriate coverage conditions and premiums.
Note: How Inscora assesses vulnerabilities
Inscora's perimeter scan identifies known vulnerabilities (CVEs) in internet-facing services and classifies them by severity. The scan evaluates what is visible from the outside, not internal vulnerability management tools or patch schedules. For a complete picture of the organisation's patching practices, the cyber insurability assessment questionnaire gathers additional details about internal patching processes, timelines and coverage.
Tip: Use Explain to understand any validation
For any question about what a scan result means, how it affects insurability, or what to do about it, use the Explain button directly on that validation. The briefing is generated from your client's actual data and covers the technical meaning, insurability impact, real-world incident references, step-by-step remediation, and how your own services connect to the solution.