Technology – Software & Services | Europe December 14, 2025 12:01 PM GMT Weekly Reboot – Oracle results spark investor concerns This week, we share key research from our global MS colleagues, including on latest results from Oracle and Adobe. We also share perspectives on Microsoft's recent M365 price increases, key catalysts for Meta to outperform in 2026, and the rising importance of cyber risk management. Read-across and other relevant research: Oracle Corporation: 2Q26 Results – Resumption of Disbelief? ...

Core Insights - Qualys, Inc. has introduced enhancements to its Enterprise TruRisk Management (ETM) platform, focusing on proactive risk management to predict and prevent emerging cyber threats, particularly in the context of agentic AI [1][3][9] Group 1: New Capabilities - The enhancements to Qualys ETM include improved identity security for both human and non-human identities, predictive threat analysis, and validation of exposure exploitability, allowing security teams to anticipate cyber risks before breaches occur [1][3] - ETM Identity consolidates visibility and remediation across various identity and access management systems, correlating identity and asset risk into a single Identity TruRisk score, which helps security teams focus on the most exploitable attack paths [5][6] Group 2: Addressing AI-Driven Threats - The rise of AI has led to an increase in the volume and complexity of cyber attacks, necessitating a proactive, intelligence-driven approach to breach prevention tailored to organizations' unique risk profiles [3][4] - Qualys ETM aligns Identity Risk Posture Management with contextual threat intelligence and exposure exploitability validation, enabling measurable risk reduction at an enterprise scale [3][4] Group 3: Enhanced Risk Management Tools - TruLens provides real-time, tailored threat intelligence, allowing organizations to detect, prioritize, and remediate cyber risks more effectively by continuously applying live threat analysis and business impact context [6][7] - TruConfirm validates the exploitability of exposures by executing real-world attack scenarios, enabling security teams to prioritize and mitigate risks more efficiently [8][9] Group 4: Market Position and Availability - Qualys ETM is now generally available, with its new features, including ETM Identity, TruLens, and TruConfirm, available in preview [9][11] - Qualys serves over 10,000 subscription customers globally, including many from the Forbes Global 100 and Fortune 100, indicating a strong market presence [11][12]

Core Insights - Managing cyber risk is increasingly prioritized in the insurance and asset management sectors, with companies enhancing their annual budgets and board-level oversight [1] Group 1: Cybersecurity Leadership - Nearly 70% of companies have a Chief Information Security Officer (CISO) overseeing corporate cyber risk, while an additional 10% have a Chief Information Officer (CIO) in this role [2] - Over 95% of organizations have their CISOs provide briefings to the CEO at least semiannually, an increase from 88% in 2023 [2] - 70% of companies have their CISO brief the corporate board at least semiannually, up from 54% in 2023 [3] - 40% of companies link CEO compensation to cybersecurity performance, a significant rise from 24% in 2023 [3] Group 2: Cybersecurity Spending and Practices - Nearly half of the surveyed companies allocate 8% or more of their total IT budgets to cybersecurity, compared to 42% in 2023 [3] - About 98% of respondents test their incident response plans at least annually [4] - 80% of companies perform daily data backups to safeguard critical data against ransomware and other security threats [4] - 97% of respondents have patch management and vulnerability management programs in place [4] - 84% of respondents have a formal policy regulating the use of AI-based tools [4] Group 3: Survey Demographics - The research is based on a survey of 1,952 global respondents, including 102 insurers, insurance brokers, and asset managers [5]

Core Insights - Telos Corporation has launched Xacta.ai, an AI capability designed to enhance cyber governance, risk, and compliance (GRC) processes, enabling organizations to transition from reactive compliance to proactive risk management [2][3] - Xacta.ai integrates unique organizational content with existing data to provide real-time, actionable insights, significantly reducing compliance timelines and improving decision-making [3][4] Product Features - Xacta.ai can reduce critical compliance tasks from 4-6 months to just nine days, achieving a 93% overall time savings in generating control implementation statements [5] - The AI is built on 25 years of expertise in GRC, allowing it to provide context-aware responses to complex questions in seconds [6][7] - Key capabilities include instant control implementation, AI-driven control validation, risk remediation, contextual risk insights, and an adaptive prompt library [11] Market Context - Organizations are under increasing pressure to manage compliance obligations efficiently, and Xacta.ai addresses this by embedding regulatory and security expertise into AI-assisted workflows [4] - The trend in the market is shifting towards using AI to empower more effective risk management rather than replacing governance processes [4]

Core Insights - Qualys, Inc. has achieved FedRAMP High Authorization for its Government Platform, making it one of the few cybersecurity platforms to offer a comprehensive security solution at this level [1][3][4] - The platform addresses challenges faced by federal agencies, such as limited staff and fragmented security tools, by providing a unified cyber risk management solution [2][4] - FedRAMP High is the most stringent authorization level, designed for cloud services handling sensitive government data, aligning with NIST 800-53 High Impact controls [3] Company Overview - Qualys is a leading provider of cloud-based security, compliance, and IT solutions, serving over 10,000 subscription customers globally, including many from the Forbes Global 100 and Fortune 100 [6] - The company was founded in 1999 and is recognized as one of the first SaaS security companies, with strategic partnerships that enhance its vulnerability management capabilities [7] Product Features - The Qualys Government Platform offers a range of services including vulnerability management, compliance, endpoint detection and response (EDR), asset inventory, policy enforcement, and web application security, all within a single scalable solution [2][4] - The platform is designed to provide broad visibility and control across the entire risk surface, enabling organizations to efficiently reduce risk and protect critical assets [2][4]

Industry Trend - Insurance industry shows a growing interest in insurance technology (InsurTech) with Zurich Insurance Group AG's acquisition of BOXX Insurance Inc [1] Mergers and Acquisitions - Zurich Insurance Group AG to acquire BOXX Insurance Inc, a Canadian cyber risk management firm [1] Company Focus - Zurich Insurance Group AG expands into cyber risk management through acquisition [1]

Qualys (QLYS) FY Conference Summary Company Overview - **Company**: Qualys - **Industry**: Cybersecurity, specifically focusing on cyber risk management and vulnerability management - **Key Executives**: Sumit Dakar (CEO), Jume Kim (CFO) [1][2] Core Business Insights - **Vulnerability Management**: Qualys has been a pioneer in vulnerability management, evolving from basic detection to comprehensive cyber risk management solutions [3][4] - **Product Expansion**: The company has broadened its offerings to include remediation, patch management, asset management, and a risk operation center [4][5] - **Market Growth**: The number of vulnerabilities detected has increased significantly, necessitating a shift from merely identifying vulnerabilities to prioritizing and remediating them effectively [5][6] Financial Performance and Growth Strategy - **Growth Drivers**: Historically, growth has been driven by existing customers, with 15% of last twelve months (LTM) bookings coming from new products like Patch Management and CSAM [9][10] - **Future Growth**: The company anticipates continued growth from existing customers while also targeting new customer acquisition through enhanced value propositions [10][17] - **Financial Model**: Qualys maintains a focus on profitable growth, with a gross margin of 84% despite a shift towards more partner-driven sales [31][32] Product Development and Market Position - **Enterprise True Risk Solution**: This solution aims to provide a holistic view of cybersecurity risks, allowing customers to justify cybersecurity investments to stakeholders [11][12] - **Risk Operation Center**: A new offering that consolidates data from various tools to provide a comprehensive risk assessment, enabling better decision-making for customers [13][14] - **Cloud Security**: Qualys is actively expanding its cloud security capabilities, with 30 million agents deployed in public cloud environments [44][32] Partner Strategy and Market Dynamics - **Channel Focus**: The company is increasingly relying on channel partners for new customer acquisition and upselling, with a significant portion of deals now involving partners [25][29] - **Managed Services**: Qualys is enabling partners to offer risk monitoring services, which differ from traditional threat monitoring, thus expanding its market reach [22][24] - **Federal Market Opportunity**: The company is preparing to enhance its presence in the federal sector, particularly with the upcoming FedRAMP High certification, which will allow access to more federal agencies [33][34] Challenges and Future Outlook - **Sales Productivity**: While relationships with partners have improved, direct sales productivity has not met expectations, prompting a strategic shift towards channel partnerships [47][48] - **Investment in Federal Sector**: The company is committed to investing in the federal market, anticipating significant growth opportunities once FedRAMP High is achieved [35][36] - **Long-term Strategy**: Qualys aims to continue evolving its platform to meet the changing needs of customers, focusing on risk management and comprehensive cybersecurity solutions [17][32] Additional Insights - **Customer Engagement**: There is a notable increase in engagement from Chief Security Officers (CSOs) in discussions about risk management, indicating a shift in customer priorities [16][17] - **Market Confusion**: The distinction between vulnerability management, CSPM (Cloud Security Posture Management), and other security solutions is often misunderstood, but Qualys aims to clarify these roles [41][42] This summary encapsulates the key points discussed during the Qualys FY Conference, highlighting the company's strategic direction, market opportunities, and challenges ahead.