Qualys and Converge Launch Joint Offering, Lowering Insurance Premiums for Organizations with Proven Cyber Risk Reduction through Enterprise TruRisk Management

Rhea-AI Summary

Qualys (NASDAQ: QLYS) and Converge launched a joint offering on May 5, 2026 that links Qualys Enterprise TruRisk Management (ETM) data to Converge underwriting to help organizations potentially qualify for lower cyber insurance premiums. Qualys CCIR reports verify vulnerability, patch, detection, and remediation metrics, are generated live from ETM, and are valid for 30 days. The report aims to reduce manual questionnaires, lower administrative burden, and provide underwriters with real‑time, standardized security posture data. The Qualys CCIR is now available in ETM; sign-ups at qualys.com/lp/converge.

Positive

• Qualys CCIR available now in ETM
• Automates evidence for underwriters, reducing manual questionnaires
• Report validity of 30 days for live posture verification

Negative

• Premium reductions are conditional and depend on Converge underwriting decisions
• CCIR validity limited to 30 days, requiring ongoing verification

Key Figures

Q4 2025 revenue: $175.3M FY 2025 revenue: $669.1M FY 2025 GAAP net income: $198.3M +5 more

8 metrics

Q4 2025 revenue $175.3M Quarterly revenue, +10% year over year

FY 2025 revenue $669.1M Full-year 2025 revenue, +10% year over year

FY 2025 GAAP net income $198.3M Full-year 2025 GAAP net income

Buyback increase $200M Increase to share repurchase program announced with FY 2025 results

FY 2026 revenue guidance $717M–$725M Revenue outlook provided on Feb 5, 2026

Market cap $3,124,219,185 Pre-news market capitalization

CCIR validity period 30 days Qualys Converge Connect Insurance Report validity window

Shares outstanding 35,289,949 Common shares outstanding as of Apr 14, 2026 (proxy statement)

Market Reality Check

Price: $92.14 Vol: Volume 965,990 is essenti...

normal vol

$92.14 Last Close

Volume Volume 965,990 is essentially in line with the 20-day average of 971,733, suggesting no unusual trading activity ahead of this partnership news. normal

Technical Shares at $92.49 trade below the 200-day MA of $122.48, and sit 40.51% below the 52-week high of $155.47 but 24.13% above the 52-week low of $74.51.

Peers on Argus

QLYS is up 4.47%, while peers show mixed, modest moves: BOX +1.2%, ACIW +1.3%, W...

QLYS is up 4.47%, while peers show mixed, modest moves: BOX +1.2%, ACIW +1.3%, WEX +1.65%, STNE -2.34%, OS flat. The stronger gain in QLYS points to stock-specific interest around the Converge collaboration rather than a broad sector rotation.

Historical Context

5 past events · Latest: Apr 22 (Neutral)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Apr 22	Earnings date notice	Neutral	+1.7%	Announcement of timing for Q1 2026 earnings release and conference call.
Mar 23	Product/AI launch	Positive	+0.9%	Launch of Agent Val AI inside ETM for exploit validation and remediation.
Feb 05	Earnings results	Positive	-13.3%	Q4 and full-year 2025 revenue growth with 2026 guidance and buyback increase.
Jan 22	Earnings date notice	Neutral	-1.1%	Scheduling and access details for Q4 2025 earnings call and webcast.
Nov 05	Investor conference	Neutral	+20.6%	Participation in UBS Global Technology and AI Conference with fireside chat.

Pattern Detected

Recent product and AI announcements have seen modest positive moves, while one earnings release with revenue growth and guidance coincided with a sharp selloff.

Recent Company History

Over the last six months, Qualys has combined steady financial execution with product innovation and investor outreach. On Feb 5, 2026, it reported Q4 2025 revenue of $175.3M and full-year 2025 revenue of $669.1M, both up 10% year over year, and expanded its share repurchase program by $200M, yet the stock fell 13.31% the next day. A new AI agent for ETM announced on Mar 23, 2026 saw a smaller 0.93% gain. Today’s insurance-focused partnership builds on that ETM strategy and arrives just after an earnings-date notice for Q1 2026 results.

Market Pulse Summary

This announcement links Qualys’ Enterprise TruRisk Management platform directly to potential cyber i...

Analysis

This announcement links Qualys’ Enterprise TruRisk Management platform directly to potential cyber insurance savings via a data-driven underwriting partnership with Converge. It follows prior ETM enhancements, including an AI agent launch, and comes on the heels of 2025 revenue of $669.1M with 10% growth. Investors may watch adoption of the Qualys Converge Connect Insurance Report, upcoming Q1 2026 results, and ongoing governance items such as the proposed 1,089,000-share equity plan increase.

Key Terms

cyber insurance, underwriters, vulnerability management, patch management, +4 more

8 terms

cyber insurance financial

"reduced cyber insurance premiums from Converge."

A type of insurance policy that helps cover the financial impact when a company suffers a cyber incident — for example theft of customer data, ransomware attacks, or system outages. It pays for costs like recovering systems, legal fees, customer notifications, and lost sales, acting like homeowner’s insurance but for a company’s digital operations. Investors care because coverage and cost affect a company’s risk of large unexpected losses, reputation damage, and future cash flow.

underwriters financial

"format that Converge underwriters can evaluate quickly and accurately."

Underwriters are financial professionals or institutions that help companies raise money by selling new securities, such as stocks or bonds, to investors. They assess the risk and determine the price at which these securities should be sold, acting like a bridge between the company and the investors. Their role helps ensure that the company raises the needed funds while providing investors with options that reflect the level of risk involved.

vulnerability management technical

"verifying vulnerability management, patch management, and endpoint detection controls"

Vulnerability management is the ongoing process of finding, fixing and tracking weak spots in a company’s computer systems and software before attackers exploit them. It matters to investors because unchecked weaknesses can lead to costly breaches, fines, downtime and harm to customer trust — similar to routinely inspecting and repairing locks on a storefront to avoid break-ins and protect future revenue and reputation.

patch management technical

"verifying vulnerability management, patch management, and endpoint detection controls"

Patch management is the process of finding, testing and installing software updates that fix bugs or close security holes on computers and network devices. For investors it matters because timely patching reduces the risk of costly hacks, outages and regulatory fines—similar to regularly changing locks and repairing doors to keep a building secure and operational—while poor patching can lead to unexpected expenses, reputational damage and lost revenue.

endpoint detection and response (EDR) technical

"TruRisk Eliminate, and Endpoint Detection and Response (EDR)."

Endpoint detection and response (EDR) is a cybersecurity system that continuously monitors devices such as laptops, servers, and phones, collecting activity data to spot suspicious behavior, stop attacks, and restore systems. For investors, EDR matters because it lowers the chance of costly data breaches, operational downtime, and regulatory penalties—think of it as a security camera plus a rapid response team for a company’s digital assets, helping protect value and continuity.

ransomware attacks technical

"increasing ransomware attacks, data breaches, and supply chain incidents."

Malicious software that locks or encrypts a company’s files or systems and demands payment to restore access—like a digital kidnapping of critical data. Investors care because such attacks can halt operations, force large payouts, trigger regulatory fines and lost customers, and reveal weak security; all of which can reduce revenue, increase costs and damage share value, so the frequency, impact and the company’s response matter to future returns.

endpoint detection controls technical

"verifying vulnerability management, patch management, and endpoint detection controls"

Endpoint detection controls are the tools, rules and monitoring systems that watch and protect the computers, phones and servers a business uses, spotting suspicious activity or malware on those devices and blocking it before it spreads. For investors, they matter because strong endpoint defenses reduce the chance of costly data breaches, operational disruption and regulatory fines — similar to how locks and security cameras lower the risk of a break‑in for a physical store.

cyber insurance application financial

"streamlines the cyber insurance application process, while giving organizations"

A cyber insurance application is the questionnaire and supporting documents a company submits to an insurer to request coverage for losses from hacking, data breaches, or digital disruptions. It outlines the company’s digital systems, security practices, past incidents and desired coverage terms—like applying for car insurance but for computer risks—and matters to investors because answers affect premiums, coverage limits and whether a future cyber loss will be paid or leave the company on the hook.

AI-generated analysis. Not financial advice.

Collaboration streamlines insurance application process, reduces risk of inaccurate self-reporting, and incentivizes strong cyber posture

FOSTER CITY, Calif., May 5, 2026 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a leading provider of cloud-based IT, security and compliance solutions, together with Converge, pioneers in advanced cyber risk management and underwriting, today announced a joint offering that rewards organizations for demonstrated cybersecurity compliance. The collaboration allows Qualys customers who actively manage and prove strong security hygiene with Enterprise TruRisk Management (ETM) to potentially qualify for reduced cyber insurance premiums from Converge.

Traditional cyber insurers struggle to price and assess risk accurately against the backdrop of increasing ransomware attacks, data breaches, and supply chain incidents. Current cyber insurance applications rely on manual questionnaires, a process that is time-consuming, inconsistent, and easy to get wrong. The Qualys Converge Connect Insurance Report (CCIR) generated by ETM allows a company's data to speak for itself, verifying vulnerability management, patch management, and endpoint detection controls in a standardized format that Converge underwriters can evaluate quickly and accurately. By providing underwriters with accurate insights into an organization's security posture in real time, the Qualys CCIR results in a more objective and precise premium that reflects real risk levels rather than industry averages.

Automated data from Qualys ETM feeds into the CCIR, saving time, reducing administrative burden, and eliminating the risk of inaccurate self-reporting. The report will include metrics that showcase measurable risk reduction, faster remediation velocity, higher compliance rates, and expanded asset coverage. It reduces friction and streamlines the cyber insurance application process, while giving organizations an ongoing incentive for improving their cyber hygiene.

"Cyber risk has historically been priced on snapshots and self-reported answers, leaving real exposure invisible between renewals," said Tom Kang, CEO of Converge. "With verified data, we will be able to underwrite to a company's live security posture and provide policyholders who do the hard work of reducing risk to see the benefits."

"Cyber insurance is key to the overall risk management strategy, but there has to be an easier way to correlate the strength of an organization's cyber posture with what they should pay in insurance," said Sumedh Thakar, president and CEO of Qualys. "That's why we created ETM to provide stakeholders with an accurate picture of their true risk, enabling better business outcomes like cyber insurance savings, and a greater incentive to reduce their cyber risk."

The Qualys CCIR will cover a range of solutions across the Qualys portfolio, including ETM, Vulnerability Management, Detection and Response (VMDR), TruRisk Eliminate, and Endpoint Detection and Response (EDR). The report, independently generated live, will be valid for 30 days.

Availability
The Qualys CCIR is now available in ETM. Customers interested in this joint offering should sign up at qualys.com/lp/converge. To learn more, read the blog post, "Converge Connect: Unlock Lower Premiums with Proven Qualys Security".

Additional Resources

• Read our blog post, "Converge Connect: Unlock Lower Premiums with Proven Qualys Security"
• Register your interest at qualys.com/lp/converge
• Contact us for more information at convergeconnect@qualys.com
• Follow Qualys on LinkedIn, Instagram and X

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.

Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies. 

Media Contact:  
Rachel Yap Winship 
Qualys
Media@Qualys.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/qualys-and-converge-launch-joint-offering-lowering-insurance-premiums-for-organizations-with-proven-cyber-risk-reduction-through-enterprise-trurisk-management-302762050.html

SOURCE Qualys, Inc.

FAQ

What is the Qualys CCIR and how does it affect QLYS customers?

The Qualys CCIR is an automated insurance report generated from ETM data to verify security controls. According to the company, it standardizes vulnerability, patch, detection, and remediation metrics so Converge underwriters can assess risk faster and more accurately.

Can QLYS customers get lower cyber insurance premiums with the Qualys–Converge offering?

Customers may qualify for reduced premiums if Converge underwriting approves based on CCIR data. According to the company, verified ETM metrics give underwriters real‑time insight, which can result in premiums reflecting demonstrated security posture rather than industry averages.

Which Qualys products feed into the Converge Connect Insurance Report (CCIR)?

The CCIR includes ETM, Vulnerability Management, Detection and Response (VMDR), TruRisk Eliminate, and Endpoint Detection and Response (EDR). According to the company, these solutions provide the metrics used to generate the standardized insurance report.

How long is a Qualys CCIR report valid for insurance purposes?

A Qualys CCIR report is valid for 30 days from generation. According to the company, the report is independently generated live from ETM and provides a short‑term verified snapshot of an organization’s security posture for underwriting.

How do organizations enroll in the Qualys and Converge joint offering for QLYS customers?

Interested organizations can sign up through Qualys to enable CCIR generation in ETM. According to the company, customers should register at qualys.com/lp/converge and can access additional details via the linked blog and contact email convergeconnect@qualys.com.