Overview
This article explains how exposure reduction is calculated in Hyver’s mitigation plans, and how it helps you prioritize actions and track their impact on your organization’s overall cyber risk. Exposure reduction helps you measure real progress — not just by counting findings, but by seeing how much safer your business becomes when you fix them.
What Is Exposure Reduction?
Exposure reduction represents how much your organization's cyber risk will drop when a mitigation plan is fully executed. It’s a central way to measure the effectiveness of your plan — the higher the exposure reduction, the greater the improvement to your security posture.
Unlike a simple total of finding values, exposure reduction considers:
The position of findings in attack routes
The interactions between multiple findings
The overall impact on reachable business assets
This makes it a more accurate and meaningful measure than just adding up scores:
How Exposure Reduction Is Calculated
The exposure reduction value is calculated across all findings in a plan.
It considers how those findings affect the organization’s attack routes and asset exposure.
It’s not a sum of the individual finding exposures — because some findings overlap or affect each other.
In some cases, the calculation may be partial, if certain findings can’t be fully factored in.
Example: A mitigation plan might show an exposure reduction of $689K — meaning that if the plan is fully completed, your overall exposure will drop by $689,000:
Projected Reduction for All Plans
This metric shows the total exposure reduction if all mitigation plans in the system are completed:
Like individual plan reduction values, it’s calculated using:
All findings across all plans
Their collective impact on attack routes
The complexity and overlaps between findings
This gives you a realistic picture of how much risk you can remove — and lets you optimize your strategy accordingly.
Using Exposure Reduction to Plan Effectively
Focus on plans with high exposure reduction for maximum impact.
Use this value to justify mitigation priorities and allocate resources more effectively.
You can add or remove findings from a plan to tune the reduction to your goals.
Revisit exposure reduction values periodically to adjust strategy as needed.
Tracking Exposure Changes Over Time
Each plan’s History tab logs changes to exposure reduction over time, so you can:
See how edits to the plan affect total impact
Track changes made by different team members
Understand the evolution of your risk mitigation efforts
Wrap-up / Next Steps
Exposure reduction gives you the big-picture view you need to plan smart, high-impact mitigations. It helps you focus on what matters, avoid wasted effort, and show real progress — all while staying grounded in the actual risk landscape of your organization.