Overview
This article explains how Exposure v1 and Exposure v2 differ in Hyver.
Both versions quantify risk by calculating the potential financial loss from a security breach, but v2 offers broader coverage, improved accuracy, and deeper context using modern modeling techniques.
What is Exposure?
Exposure = Likelihood of Breach (LoB) × Cost of Breach (CoB)
This formula reflects the expected financial loss over time based on:
The likelihood of an attack succeeding
The financial impact if it does
Hyver calculates exposure specifically for your organization using real-time data, integrations, and security posture assessments.
Exposure v2
Exposure v2 = Likelihood v2 × Cost of Breach v2
Default for new Hyver customers
If you started using Hyver after Exposure v2 was introduced, you are automatically using v2. Switching to v1 is not available.Applies to all findings
Exposure v2 calculates exposure for every finding, even those not on an active attack route.Includes maturity in the calculation
Maturity scores are integrated to produce more accurate likelihood values and exposure modeling.Powered by the Common Graph
Leverages data from across Hyver customers to model realistic attack paths and inform route-based exposure.Enables universal exposure reduction values
Every finding receives an exposure reduction estimate, helping you prioritize more effectively.Benchmarks available
The Risk Dashboard shows:Likelihood benchmarks (v2)
Cost of Breach benchmarks (v2)
Overall exposure benchmarks when both v2 models are in use
Exposure v1
Exposure v1 = Likelihood v1 × Cost of Breach v1
Default for existing customers prior to Exposure v2
If you were already using Hyver before v2 was introduced, v1 remains your default unless you switch.Only applies to findings on the mitigation graph
Exposure is calculated only for findings that appear on successful routes to business-critical assets.Does not include maturity
Likelihood v1 is calculated without factoring in your organization's cybersecurity maturity.No benchmarks or common graph modeling
Limited exposure reduction calculation
Exposure reduction is only available for findings actively participating in exploitable attack paths.
Switching Between Versions
Customers who were using Exposure v1 prior to the introduction of v2 can switch between versions as needed.
To enable Exposure v2:
Go to Settings > Likelihood and select Likelihood v2
Go to Settings > Cost of Breach and select Cost of Breach v2
Once enabled:
Exposure v2 becomes active
The platform recalculates risk and exposure values using the updated models:
Note: New customers do not have access to v1 versions.
Wrap-up / Next Steps
Exposure v2 delivers a more complete and accurate view of your organization's risk by incorporating maturity, graph insights, and universal coverage. If you’re still using v1, consider switching to v2 for improved prioritization and more meaningful metrics: