
How do the account risk score and asset risk score work?

There are two scores you'll encounter in the platform, and they work differently. Understanding which one you're looking at, and how it's calculated, makes the numbers much easier to interpret.


The two scores at a glance

| | Account risk score | Tag/subset score |
|---|---|---|
| What it covers | Your entire organization | A selected group of assets (e.g. a tag) |
| How it's calculated | Weighted blend of all assets | 99th percentile of assets in that group |
| Where you see it | Dashboard, top-level view | Tag views, filtered asset lists |
| Best used for | Executive reporting, overall trend | Team-level tracking, specific asset groups |


The account risk score

This is the single 1–100 number that represents your whole organization's security posture.

How it's calculated

Every asset in your account has its own asset risk score (also 1–100). The account score is calculated by:

  1. Ranking all assets from highest risk to lowest
  2. Applying a geometric weighting: assets at the top of the list carry far more influence than those further down
  3. Normalizing the result to a 1–100 scale

The key phrase here is weighted blend. The account score is not the score of any single asset; it's a mathematically combined result across all of them, where the worst assets dominate. Because of this normalization, you will not find one asset whose individual score exactly matches the account score, even though the top assets have the biggest influence on the outcome.

The anti-dilution safeguard

If a large proportion of your assets have no significant vulnerabilities (roughly 30% or more are "safe"), the platform automatically limits how much those low-risk assets can pull the score down. This prevents a customer with 800 assets, 600 of which are fully patched, from showing an artificially low score just because of the safe majority. The score stays focused on the assets that actually have exposure.

Example

Imagine you have 10 assets with these risk scores:

| Asset | Risk score |
|---|---|
| Server A | 98 |
| Server B | 95 |
| Server C | 91 |
| Server D | 84 |
| Server E | 72 |
| Server F | 60 |
| Server G | 45 |
| Server H | 30 |
| Server I | 12 |
| Server J | 5 |

The account score will not be the average (59), and it won't be 98 (the worst asset). It will be a weighted result much closer to the top than the average, but pulled slightly below the single worst asset. In this example, you might see an account score around 88–92. Servers A, B, and C do most of the work; Server J has almost no influence.

What this means practically: To move the account score, fix the assets at the top of the list. Fixing Server J will have almost no visible effect. Fixing Server A will.
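
The ranking and weighting steps applied to the ten example assets, as an added illustration that is not the platform's code. The ratio of 0.6 and the normalization by total weight are assumptions, since the page does not publish the actual parameters, and the anti-dilution safeguard is not modeled.

```python
# Illustration only: RATIO and the normalization are assumptions, not the
# platform's published parameters. The anti-dilution safeguard is not modeled.
RATIO = 0.6  # assumed: each rank carries 60% of the weight of the rank above

# The ten example assets from the table above.
ASSETS = {
    "Server A": 98, "Server B": 95, "Server C": 91, "Server D": 84,
    "Server E": 72, "Server F": 60, "Server G": 45, "Server H": 30,
    "Server I": 12, "Server J": 5,
}

def account_score(scores, ratio=RATIO):
    """Rank highest first, weight rank k by ratio**k, divide by total weight."""
    ranked = sorted(scores, reverse=True)
    weights = [ratio ** k for k in range(len(ranked))]
    return sum(w * s for w, s in zip(weights, ranked)) / sum(weights)

def influence(assets, ratio=RATIO):
    """Fraction of the total weight each asset holds at its current rank."""
    ranked = sorted(assets, key=assets.get, reverse=True)
    total = sum(ratio ** k for k in range(len(ranked)))
    return {name: ratio ** k / total for k, name in enumerate(ranked)}

def score_after_fix(assets, name, new_score=1, ratio=RATIO):
    """Account score if one asset is remediated down to new_score."""
    return account_score({**assets, name: new_score}.values(), ratio)

if __name__ == "__main__":
    base = account_score(ASSETS.values())
    mean = sum(ASSETS.values()) / len(ASSETS)
    print(f"account score {base:.1f} vs plain average {mean:.1f}")
    for name in ("Server A", "Server J"):
        print(f"fix {name}: {base:.1f} -> {score_after_fix(ASSETS, name):.1f}")
    shares = influence(ASSETS)
    top3 = sum(shares[n] for n in ("Server A", "Server B", "Server C"))
    print(f"top three assets hold {top3:.0%} of the weight")
```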

Risk score calculation


Tag/subset risk score

When you filter assets by tag (for example, "Production servers" or "Finance team assets"), the score you see is calculated differently from the account score.

How it's calculated

The tag score uses the 99th percentile (P99) of all asset risk scores within that group.

P99 means: sort all assets in the group from lowest to highest risk, then take the value at position 99% of the way up the list. In practice, this means you're looking at roughly the top 1% of riskiest assets in that group.

The formula: Position = 0.99 × number of assets in the group

Example

You have a tag called "Production" with 200 assets.

0.99 × 200 = position 198

The assets are sorted from lowest to highest risk score. The tag risk score equals whatever score the asset at position 198 has: the second-riskiest asset in the group.

Another example with 50 assets:

0.99 × 50 = position 49.5 (rounded to 50)

The tag score equals the riskiest asset in that group.

What this means practically: Tag scores are highly sensitive to outliers. A single very risky asset in a tag will dominate the tag's score. If you add a high-risk asset to a tag, the tag score will jump. If you remediate the top asset, the score drops to reflect the next worst one.

How does the tag score compare to the account score?

The two methods are designed to produce the same result and agree to within about 4% across typical customer data. You can reliably use tag scores for team-level reporting and dashboards, while the account score remains the definitive whole-organization benchmark.


Why the two scores can look different

Because the account score and tag scores use different methods, you will sometimes see them diverge:

  • Selecting five tags together will give you a P99 across all assets in all five tags combined, which could be higher or lower than any individual tag score, depending on which assets are in the combined set
  • The account score for "all assets" will often differ from the tag score for a tag that covers all assets, because one uses geometric weighting and the other uses P99

This is expected and by design. Neither number is wrong; they are answering slightly different questions.


Risk score trends over time

In the time-based charts, each period (week, month, etc.) shows the highest risk observed during that period, not the end-of-period snapshot. This is intentional.

For each asset, the platform takes the highest risk score seen at any point during the period. It then runs P99 across those values to produce the period's score. This means:

  • A vulnerability that appeared on Monday and was fixed by Friday still shows up in the weekly trend
  • Short-lived but serious exposures are never silently buried
  • A flat or improving trendline means your risk posture is genuinely stable or improving, not just that you happened to scan on a good day
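
The P99 position formula from the tag score section and the peak-then-P99 trend calculation described above, as an added Python example that is not the platform's code. It assumes 1-based positions in the ascending sort and round-half-up, matching the page's 200- and 50-asset examples; the asset names and weekly observations are constructed.

```python
from collections import defaultdict

def p99_position(n):
    """1-based position 0.99 * n, rounded half up (49.5 -> 50) using
    integer arithmetic to avoid float rounding; assumed convention."""
    return (99 * n + 50) // 100

def p99(scores):
    """Score of the asset at the P99 position of the ascending sort."""
    ranked = sorted(scores)
    return ranked[p99_position(len(ranked)) - 1]

def period_score(observations):
    """observations: (asset, day, score) tuples. Take each asset's peak
    score in the period, then run P99 across those peaks."""
    peak = defaultdict(int)
    for asset, _day, score in observations:
        peak[asset] = max(peak[asset], score)
    return p99(peak.values())

def end_of_period_score(observations, last_day):
    """Snapshot on the last day only, shown for contrast; the page says
    the trend charts do not work this way."""
    return p99([s for _asset, day, s in observations if day == last_day])

# Constructed week: web-01 is exposed on Monday and fixed by Friday.
WEEK = [
    ("web-01", "Mon", 93), ("web-01", "Wed", 93), ("web-01", "Fri", 20),
    ("db-01", "Mon", 41), ("db-01", "Wed", 41), ("db-01", "Fri", 41),
    ("app-01", "Mon", 35), ("app-01", "Wed", 38), ("app-01", "Fri", 38),
]

if __name__ == "__main__":
    print("P99 position for 200 assets:", p99_position(200))
    print("P99 position for 50 assets:", p99_position(50))
    print("weekly trend score (peak per asset):", period_score(WEEK))
    print("Friday snapshot score:", end_of_period_score(WEEK, "Fri"))
```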

Frequently asked questions

Why is my account score high when most assets look fine? A small number of high-risk assets dominate the account score due to geometric weighting. Even if 700 of your 800 assets are clean, a handful with critical, exploitable vulnerabilities will keep the score elevated. Sort your assets by risk score descending and focus on the top rows.

Why did fixing many vulnerabilities barely move the score? Because the score is weighted toward your worst assets, fixing lower-severity issues on lower-ranked assets has minimal effect. The score responds most strongly to fixing the top-ranked assets. If the highest-risk assets are still unresolved, the score will stay high.

Why did my score spike without a new scan? Threat intelligence is updated continuously. If a vulnerability that already exists on your assets is newly associated with active exploits or ransomware, its threat score rises and your asset and account risk scores update to reflect that, even without a new scan.

Can I find the specific asset that "equals" my account score? No, and this is an important point. The account score is a normalized weighted blend across all assets. There is no single asset whose individual score equals it. You may occasionally find an asset that happens to have a similar number, but that's a coincidence of the normalization, not how the calculation works. The tag score (P99) is different: for that one, you can find the specific asset at the P99 position in the sorted list.

Does ignoring a vulnerability affect the score? Yes. Ignored vulnerabilities are excluded from score calculations. This is intended for accepted risks or confirmed false positives, not as a way to lower the score without addressing actual exposure.