Improve Your Corvus Score

How to action your scan findings to improve your overall Corvus Score

Updated May 2022

The most frequent question we get from policyholders at Corvus is how they can improve their Corvus Score. The short answer: it depends. But today we’re providing a longer, and hopefully more helpful, answer to guide any policyholders embarking on a journey of cybersecurity improvement. 

For the uninitiated: the Corvus Score is the headline number of our Corvus Scan Report. The Corvus Scan Report is an assessment of an organization’s internet-facing cybersecurity hygiene and insurance risk that is provided via the Policyholder Dashboard to all policyholders. 

The Corvus Scan Report on your Policyholder Dashboard is designed to help you quickly identify the critical issues that will move the needle for your overall security. Improving your overall Corvus Score will help to put you in the strongest position when it comes time to renew your policy.

Below, we’ve gathered some best practices for how to improve your score. Following these may help boost any organization’s overall score. 

Before you start, please note that the weights of different components of the score are dynamic. That is to say: we cannot predict the exact number of points any remediation action will net for your overall score, because there are many other factors involved. However, after working with thousands of policyholders, we are able to share what we know to be the highest impact actions for most organizations.


In order to maximize your efforts, navigate to the vCISO Action Center within your Policyholder Dashboard and focus on the Critical and High Vulnerabilities and Securing Remote Access.

Patching Critical and High Vulnerabilities

Securing Remote Access

  • This portion of the Corvus Scan will display any remote access ports the scan identified. Assess your external footprint to ensure that only the systems and network ports required for business functionality are publicly accessible. In addition, use reputable hosting providers.
  • Organizations should implement Multi-Factor Authentication (MFA) for any remote access methodology. 
  • Some remote access services that we identify may no longer be in use, in which case, we recommend closing them.
  • For those organizations that are still using RDP for remote access, you should migrate to a different technology such as VPNs or consider Zero Trust Network Access (ZTNA) solutions. 
  • If RDP is required for business functionality, organizations should consider implementing an allow list to only grant access to trusted sources. Organizations should also ensure that MFA is enabled and enforced for all user accounts. For more information, please check out our article What is RDP, and why is it a security concern?
If you have questions about your scan findings, or have made changes and would like to be rescanned, please email the Risk + Response Team at