Finding Exposure Quantification

Understand how Cye Platform quantifies exposure reduction to guide remediation priorities.

Overview

This article explains how Cye Platform calculates exposure reduction for each finding — helping you prioritize remediation based on how much a fix can reduce your organization's cyber risk.
Cye Platform provides dollar-based exposure reduction values, giving security teams a clear understanding of mitigation impact and return on investment.


What is exposure reduction?

Exposure reduction quantifies the estimated decrease in risk (measured in dollar value) if a specific finding is fixed.
This value helps determine:

  • Which findings should be prioritized

  • How much a fix could lower your organization's overall exposure

Every finding of type Vulnerability can be assigned an exposure reduction value — whether or not it currently appears on an active attack route.


How exposure reduction is calculated

  • Cye Platform simulates each finding individually in its "fixed" state to estimate how much it would reduce exposure.

  • The value is shown as a single dollar figure, not a range.

  • The calculation includes factors like:

    • Position in the attack graph

    • Business asset exposure

    • Cost of Breach

    • Likelihood of exploitation

If Cost of Breach (CoB) is missing, users with permission will see a link to update it.
If CoB exists but there's no graph or data, the exposure value is set to None.


Conditions that trigger recalculation

Exposure reduction values are recalculated when changes occur in:

  • The graph (add/update/delete nodes or edges)

  • New or updated findings

  • Remediation assets added/removed from attack routes

  • Likelihood updates

  • Cost of Breach updates

  • Finding status changes (e.g., Fixed → Reopened)

  • Business asset settings or risk model updates

Any changes are tracked in the History tab for auditing.


Special cases

  • A finding marked Fixed retains the exposure reduction value it had at the time of fixing.

  • If it's reopened, a new value is calculated.

  • Findings marked Not Relevant are assigned a value of None.

  • If a finding has no exposure impact, it does not show $0. It is set to None, which indicates that the value can't be quantified, not that the finding has no risk.


Where to find exposure reduction data

  • On the Findings page, use filters to view findings by exposure reduction range.

  • In the right-hand pane, the dollar-based exposure reduction is displayed for each finding.

  • In mitigation plans, the total exposure reduction reflects the combined value of included findings.

The higher the value, the greater the expected impact of remediation.


Wrap-up / Next Steps

Exposure reduction helps you prioritize security fixes that make the biggest impact. With full finding coverage and maturity-aware scoring, every finding contributes to the bigger picture — giving you data-backed insights for smarter planning.
