We are introducing a new and improved scoring system for Exposure Management recommendations in WithSecure™ Elements. This update makes recommendation risk scoring easier to understand, more transparent, and more real-time, while also enabling richer reporting and long‑term security trend tracking.
This change is expected to be made during June 2026, and we will confirm the date once it has been set.
What is changing?
The updated scoring and prioritization model introduces:
- A clearer and more understandable recommendation risk score
- Detailed risk breakdowns directly in the Recommendations UI
- Near real‑time recalculation of recommendation priority
- Improved foundations for richer reporting and analytics
Why are we making this change?
The new scoring and prioritization system provides:
- Greater transparency into exposure risk
- Faster feedback on remediation actions
- Stronger confidence in recommendation ordering
- Improved reporting capabilities
- A more solid foundation for future analytics and insights
What will be visible to users?
The new scoring system will affect how the recommendations remediation impact is being calculated as well as asset exposure risk score.
This will change the order in which recommendations are sorted, also recommendation may move between impact levels, which is explained in more detail below.
In essence, the new scoring system will generate fewer inconclusive recommendations.
Clearer explanation of recommendation risk
In the updated Recommendations List various new columns related to recommendation scoring have been added. Not all new columns are visible by default. Remediation impact icon changed is now harmonized with other parts of Elements such as BCD views.
Two new default columns “Assets by importance” and “Finding instances” will be added to the recommendations view representing counters breakdown by affected assets by importance (high/medium/low) and findings distribution by impact (critical/medium/low), respectively.
Users will be able to see why a recommendation has its current priority, including:
- How much of the recommendation risk is driven by attack paths
- How findings contributing to the recommendation are distributed across assets
- A breakdown of affected assets by importance and exposure
This makes it easier to:
- Understand what drives risk
- Explain prioritization decisions internally
- Focus remediation on the most impactful areas
The recommendations details UI
Asset exposure will show the new score in the scale of 0-100 with updated categorization icon which is now more aligned with other Elements UI such as BCDs. Also assets tab will show for each asset affected by the recommendation, findings count break down by impact (critical/medium/low)
Near real‑time prioritization updates
Recommendation risk scores will be recalculated in near real time.
This means that actions such as:
- Fixing a vulnerability on a specific device
- Changing a device’s importance
- Modifying exposure to the internet
will be reflected immediately in the recommendation risk score, without waiting for scheduled recalculations.
Expected impact on recommendation prioritization
Based on internal analysis across customer environments, the impact of the new scoring system is expected to vary:
- For the majority of organizations (approximately 80%), there will be a moderate change in prioritization.
- The same recommendations are likely to appear near the top of the list
- However, their order may change based on more accurate and transparent risk factors
- Around 15% of organizations will see little or no change in either the selection or ordering of their top recommendations
- Approximately 5% of organizations may see a more significant change, with a different set of recommendations appearing at the top of their prioritization list
These changes reflect a more accurate representation of exposure risk rather than a change in the underlying findings.
Will customers need to take any action?
No action is required, unless any reports that partners deliver to their customers are heavily dependent on the ordering of the recommendations. Partners would then need to pass this information to their customers to avoid confusion.
The improved scoring and prioritization will be introduced automatically and we will communicate clearly when the update becomes available.