Your policy includes an automated Coalition Cyber Risk Assessment (CRA). In this article, we’ll discuss how to read your CRA.
Risk Summary: This section offers an overview of your organization’s key risks. The Cyber Health Rating reflects the likelihood of your organization being compromised, based on security detections identified across your externally exposed attack surface—a higher score indicates better security. The Risk Summary also highlights the number of critical security findings (which may impact your insurability or premiums), your inherent risk rating (derived from your industry and operational complexity), and your estimated financial exposure (projected losses based on your organization’s profile). Additionally, peer benchmarking data is provided, including your incident likelihood compared to the average Coalition insured and the aggregate coverage limits typically purchased by peer organizations.
Security Findings: Security Findings (formerly called “vulnerabilities”) represent the exposures identified for your company that may pose a threat. Critical security findings are the only ones that impact your insurability and are typically contingencies — these must be remediated or resolved in order to be insured. For your reference, the report also includes the count of high, medium, and low security findings, along with a brief overview of the assets we have analyzed as part of your attack surface.
Critical Security Findings: This section lists each individual security finding that requires remediation, along with clear instructions on which asset is affected, how to remediate the issue, and steps to resolve it within Coalition Control. You can log in to Control and find these under the Security Findings > All Findings section, where you can take resolution actions or create exceptions. More detail, including supporting risk evidence, is available in Control for each finding.
Non-Critical Security Findings: The following section outlines non-critical security findings (high, medium, and low). Details for these findings are not included in the CRA report; we encourage you to log in to Coalition Control to review and resolve them. Remediation of these findings is not required to obtain an insurance quote or renewal, but they do affect your risk score and should be addressed to maintain a strong security posture.
Overall Risk Posture: Beyond individual security findings, Coalition provides an overall risk posture report, which includes details such as data leaks, potential malicious events, and email security posture. Please note that these items DO NOT impact your risk score or insurability, but we strongly recommend addressing them over time to improve your organization’s security.
Data Breaches/Leaks: Coalition scans the internet and dark web for evidence of data leaks associated with your company, highlighting compromised passwords, emails, phone numbers, and more. While these DO NOT affect your risk score or insurability, you can log in to Control to view the full dataset for these breaches.
The other sections highlight potential malicious activity on assets (malware, spam, torrents, blocklisted domains, etc.). These are for your investigation.
If you believe some of the assets do not belong to you, log in to Control and use 'Remove Asset'.
Glossary: The CRA concludes with a Glossary to clarify any terminology or processes described in the report.
For any further questions or additional information, please reach out to us; we’re here to help!