Underwriting cyber risk you cannot see is not underwriting. It is guessing.
External scanning tells you what an attacker sees. Draxis tells you what the policyholder’s controls are actually doing — continuously, not at renewal.
Request a briefing →
You are pricing risk from a point-in-time snapshot of a changing environment.
Renewal questionnaires reflect intent, not reality. External scan scores reflect what is visible to the internet, not what is happening inside the control environment.
The gap between what carriers know at underwriting and what is actually true six months later is where claims come from.
Underwriting still relies primarily on self-reported security posture data. Policyholders answer optimistically. Controls degrade between renewals. The data ages out the moment it is submitted.
External scan vendors surface what is visible from the internet. MFA enforcement gaps, EDR coverage failures, over-privileged identities, and lateral movement paths are invisible to outside-in tooling. These are the controls that determine claim outcomes.
Risk posture is dynamic. A policyholder who passes renewal screening in January may have material control gaps by March. Carriers have no signal between checkpoints. The first indication of degradation is the claim.
Inside-out risk signals. Not another outside-in score.
| Capability | External scanning (Bitsight, SecurityScorecard, RiskRecon) | Draxis |
|---|---|---|
| Signal source | Public internet surface | Internal control telemetry |
| MFA enforcement gaps | Not visible | Detected and quantified |
| EDR coverage by device | Not visible | Detected and quantified |
| Identity hygiene | Not visible | Detected and quantified |
| Conditional access gaps | Not visible | Detected and quantified |
| Open ports / exposed services | Visible | Not primary focus |
| TLS / certificate health | Visible | Not primary focus |
| Continuous monitoring | Score updated periodically | KRIs updated per control sync |
| Financial exposure mapping | Not provided | Mapped per finding, per tenant |
| Framework alignment | Not provided | NIST CSF, SOC 2, ISO 27001, SEC Cyber Rules, DORA, NIS2 |
| Questionnaire replacement | No | Partial — structured KRI evidence replaces subjective self-reporting for covered control domains |
Draxis and external scanning vendors are complementary, not competing. External scanning covers the attack surface. Draxis covers the control environment. Both signals improve underwriting precision when used together.
How carriers and brokers use Draxis today.
Structured underwriting evidence
Replace open-ended questionnaire responses with structured KRI data extracted directly from the policyholder’s control environment. Draxis surfaces MFA enforcement rates, EDR coverage percentages, and identity hygiene scores as verifiable data — not self-attestation.
Continuous posture monitoring
Receive KRI signals between renewal checkpoints. Track material changes in policyholder posture — new coverage gaps, degraded controls, increased exposure — without waiting for the annual questionnaire cycle.
Loss ratio intelligence
Correlate control telemetry with claims history across your book. Identify which KRI patterns predict claim events. Use that data to improve underwriting criteria, tighten pricing for high-risk profiles, and reward policyholders who demonstrate control improvement.
Broker advisory differentiation
For broker advisory practices building risk intelligence capabilities for their SMB cyber book: Draxis provides the inside-out signal layer your external scan vendors cannot. White-label the output under your advisory brand.
Draxis fits into your existing carrier infrastructure.
Policyholder authorizes read-only access
At policy inception or renewal, the policyholder grants Draxis read-only API access to one or more of their existing security controls. Authorization takes under 10 minutes. Nothing is installed in the policyholder’s environment.
Draxis extracts and monitors KRIs
Draxis reads from the connected controls on a configurable cadence — daily, weekly, or per-event. Findings are mapped to financial exposure and framework alignment automatically. Material changes trigger alerts.
Signals surface in your workflow
KRI data is available via API to your existing policyholder portal, underwriting workflow, or data warehouse. Draxis does not require carriers to replace existing tooling — it adds the inside-out signal layer to whatever infrastructure you already operate.
This is a conversation, not a demo request.
If you are evaluating risk intelligence capabilities for your cyber book — or building a policyholder portal and looking for a continuous signal layer — we would like to speak with you.
We do not do automated demos for this segment. We do structured briefings with the right people on both sides.
Request a briefing →
Or reach us directly at carriers@draxis.ai