June 2, 2026 - Risk scoring update

Views:

Learn more about improvements to asset risk scoring in Cyber Risk Exposure Management implemented starting June 2, 2026.

As of June 2, 2026, Cyber Risk Exposure Management has updated methods to calculate asset risk scores. Because asset risk scores contribute to the Cyber Risk Index, your Cyber Risk Index may change after this update. Any changes that coincide with this update reflect more accurate risk data, not a change in your actual security posture.

The following improvements are included in this update:

Unified group score calculation

All group scores use the same weighted calculation method as the Cyber Risk Index. Group types covered by this method include Data Security Posture Management (DSPM) groups, SaaS Security Posture Management (SSPM) groups, and all other group types. Group scores can be directly compared across group types.

Unified cloud asset score calculation

Cloud asset scores use the same multi-factor weighted calculation as endpoint, identity, and other asset type scores. The cloud asset score calculation considers all applicable risk factors together, weighted by likelihood and impact. Cloud asset scores can be directly compared with scores for other asset types.

Refined predictive analytics scoring

Predictive analytics scores reflect current attack path data only. Resolved or inactive attack paths do not contribute to the predictive analytics score. Assets with resolved attack paths will see their predictive analytics scores decrease.

Improved tag-based score calculation

Tags are organized into groups based on the risk dimension each tag describes. Within each group, only the most significant tag contributes to the asset score. Grouping tags this way prevents multiple tags that describe the same risk dimension from stacking and inflating scores. Assets with many tags in the same risk category may see their asset scores decrease.

The following table summarizes each change and the expected impact on scores.

Improvement	Affected scores	Expected impact
Unified group score calculation	Data Security Posture Management (DSPM) group scores, SaaS Security Posture Management (SSPM) group scores, and all other group type scores	Scores may rise or fall depending on the weighted calculation for each group type.
Unified cloud asset score calculation	Cloud asset scores	Scores may rise or fall depending on the distribution of risk factors across cloud assets.
Refined predictive analytics scoring	Predictive analytics risk factor scores	Scores decrease for assets where attack paths have been resolved or are no longer active.
Improved tag-based score calculation	Scores for assets with multiple tags in the same risk category	Scores may decrease for assets with many tags that describe the same risk dimension.