What is it?
A score on the Dashboard that describes your overall security posture, specifically how well your team is remediating vulnerabilities within a given timeframe:
Starting in January 2026, your Cyber Hygiene score now factors in real-world exploitation likelihood alongside impact severity.
What's different:
Severity is now calculated as CVSS Γ Likelihood weighting (using EPSS data and KEV flags)
Previously, severity was based on CVSS score alone (theoretical impact only)
High CVSS vulnerabilities with high EPSS or KEV flags are now prioritised higher
Your score can now change as external threat intelligence updates, even when CVEs aren't fixed or re-scored
Why this matters: This helps you focus remediation on vulnerabilities posing the greatest real-world risk, not just the highest theoretical impact. A critical vulnerability that's never been exploited is less urgent than one actively used in attacks.
Your overall security posture hasn't changed - the score now better reflects which issues need your attention first.
How is it calculated?
The Cyber Hygiene Score is based on an issue's CVSS score and its likelihood of exploitation. This reflects real-world risk, enabling you to prioritise threats effectively:
Severity | Likelihood | Outcome |
Critical | Known | F |
Critical | Very Likely | E |
Critical | Likely | E |
Critical | Unlikely | D |
Critical | Rare | D |
Critical | Not known | D |
High | Known | E |
High | Very Likely | E |
High | Likely | D |
High | Unlikely | C |
High | Rare | C |
High | Not known | C |
Medium | Known | D |
Medium | Very Likely | C |
Medium | Likely | C |
Medium | Unlikely | B |
Medium | Rare | B |
Medium | Not known | B |
Low | Known | D |
Low | Very Likely | B |
Low | Likely | B |
Low | Unlikely | A |
Low | Rare | A |
Low | Not known | A |
How does likelihood work?
Each occurrence now gets an adjusted severity based on the combination of its CVSS and likelihood data:
CVSS base score (Impact)
Measures potential damage and exploits complexity.
EPSS probability (Likelihood)
Predicts the chance of exploitation in the wild.
KEV list presence (Active exploitation)
Confirms known active exploitation.
How do I change my cyber hygiene goals?
The defaults are based on industry best practices. However, if you're on a Cloud, Pro, or Enterprise plan, you can customise these to better align with your company's security policies by heading to Settings > Team account:
How do I improve the cyber hygiene score?
Resolve any overdue issues, focusing on critical ones first as they're the most important and have the shortest remediation window.
Do snoozed issues count towards my cyber hygiene score?
No, they don't. Snoozed issues/occurrences are removed from the portal dashboard (including from the cyber hygiene score).