
Exposure Modelling

Model aggregate risk exposure and scenario impact across your portfolio.

The challenge

Does this sound familiar?

Individual risk scores don't show aggregate exposure. You don't know whether one more vulnerability tips you into breach-likely territory. Scenario planning is impossible.

How Fig helps

Exposure Modelling with Fig

Risk Aggregation

Vulnerabilities, misconfigurations, and control gaps are combined into portfolio risk scores using industry-standard models. What-if risks are calculated scenario by scenario.

Scenario Modelling

Model exposure impact if a vulnerability remains unpatched, a supplier is breached, or a framework deadline is missed. Board-ready risk impact summaries.

Core Capability

Fig continuously assesses cyber security posture, attack surface, and external threats to determine customer exposure in real time.

Attack Path Mapping

Fig traces likely attack paths through your assets using vulnerability, configuration, and permissions data. Prioritise remediations that break the most dangerous paths.

Insurance Alignment

Exposure models feed directly into cyber and professional indemnity underwriting. Better risk data means better insurance premiums.

Audit-ready workflow

How Exposure Modelling becomes evidence

Exposure Modelling should not be treated as a standalone tool surface. In Fig it is part of a governed workflow: a signal is captured, an owner is assigned, a control or risk is updated, and evidence is retained so the organisation can prove what happened later.

Lifecycle

Where it sits in the operating model

The Protect phase is where this capability sits in the wider Fig operating model. Individual risk scores don't show aggregate exposure. You don't know whether one more vulnerability tips you into breach-likely territory. Scenario planning is impossible. Fig turns that problem into a repeatable lifecycle so MSPs, risk teams, and auditors are not relying on static spreadsheets or ad hoc screenshots when a buyer asks for proof.

Evidence captured

What auditors and buyers see

For exposure modelling, useful evidence normally includes the triggering record, the affected asset or supplier, the control requirement, the assigned owner, the decision made, the timestamp, and the outcome. That evidence is mapped back to frameworks such as Cyber Essentials, ISO 27001, NIS2, DORA, GDPR, CMMC, and internal policy requirements where relevant.

Implementation checks

Four steps to roll this out

  • 01 Define who owns exposure modelling and what events should trigger review.
  • 02 Connect the relevant source systems so evidence is collected continuously.
  • 03 Map outputs to the frameworks and policies that matter to the organisation.
  • 04 Review exceptions, accepted risks, and overdue actions before audit or renewal.

Useful references

Independent sources buyers and auditors recognise

The exact evidence required still depends on your scope, risk profile, sector, and framework obligations.

Built for you

Who uses this?

MSPs & MSSPs

Portfolio-level risk aggregation across all clients. Scenario models and attack path analysis strengthen your managed security services pitch.

Security & risk teams

Board-ready risk dashboards showing exposure trends. What-if scenarios inform budget allocation and strategic risk decisions.

Compliance & audit

Risk assessment models and remediation prioritisation evidence for enterprise risk management and governance audits.

Common questions

Frequently asked questions

Is exposure modelling just a risk heat map?

No. Fig models actual attack paths through your assets, scores the likelihood of exploitation chains, and calculates financial impact using your insurance premiums and business metrics.

Can we model third-party breaches?

Yes. You can model the impact of a supplier breach by running scenarios where that supplier's access rights are compromised, then tracing downstream exposure to your critical systems.

How does attack path mapping work?

Fig analyses your vulnerability data, network topology, user permissions, and configuration state to identify chains of weaknesses an attacker could exploit. It then prioritises remediations that break the most dangerous paths first.

Can we use exposure models to justify budget requests?

Yes. Fig generates financial impact estimates for each risk scenario, showing the potential cost of inaction. Many clients use these reports directly in board presentations and budget proposals to make the case for specific security investments.

How often are exposure scores recalculated?

Scores recalculate automatically whenever underlying data changes, such as a new vulnerability scan, a configuration drift alert, or an updated supplier risk score. You always see the current state, not a snapshot from last quarter.

Next step

See Exposure Modelling in action.

Book a walkthrough tailored to your frameworks and tooling.