Frequently Asked Questions

Product Overview & Strategic Value

What is Cymulate and what does it do?

Cymulate is a cybersecurity platform that empowers organizations to continuously assess and validate their security posture. It provides tools for threat simulation, comprehensive security assessments, and continuous security validation, helping organizations stay ahead of evolving cyber threats. Learn more.

What is Continuous Security Validation and why is it important?

Continuous Security Validation is the process of regularly assessing your organization's security controls against the latest threats. Cymulate's platform enables continuous assessments, helping you track risk, configuration errors, and security gaps in real time. This approach ensures your defenses adapt to evolving threats and supports business continuity. Source

How does Cymulate help organizations adapt to rapid technological change?

Cymulate supports organizations facing rapid digital transformation by providing automated, continuous security assessments across hybrid environments—including legacy systems, cloud platforms, and SaaS applications. This ensures security keeps pace with business innovation and remote work trends. Source

How does Cymulate address rising threats from criminals and nation-state actors?

Cymulate continuously updates its attack simulation library to reflect the latest tactics used by criminal and nation-state attackers. In 2020, 96% of Cymulate customers tested against the Sunburst backdoor (SolarWinds supply chain attack), demonstrating the platform's ability to help organizations proactively defend against high-profile threats. Source

What is the strategic value of using Cymulate?

Cymulate delivers strategic value by simplifying, accelerating, and optimizing security validation. It enables organizations to minimize risk, ensure business continuity, and enhance cybersecurity skills across all employee levels. The platform's measurable outcomes are detailed in the Yearly Platform Usage Report. Source

Features & Capabilities

What are the key features of Cymulate's platform?

Cymulate offers continuous threat validation, unified Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), exposure analytics, attack path discovery, automated mitigation, AI-powered optimization, and an extensive threat library with over 100,000 attack actions updated daily. Learn more

How does Cymulate automate security testing?

Cymulate automates security testing by enabling organizations to run thousands of attack simulations across multiple vectors, which would be too time-consuming to test manually. This automation helps prioritize and execute remediation efficiently. Source

How does Cymulate help improve cybersecurity skills across the organization?

Cymulate strengthens cybersecurity skills for both technical and non-technical employees. Senior staff benefit from strategic, automated testing policies and daily updates, while junior staff gain hands-on learning through prioritized, prescriptive assessment results. The platform also includes phishing campaign capabilities to educate all employees. Source

What is Cymulate's approach to phishing awareness and testing?

Cymulate incorporates phishing campaign capabilities, allowing organizations to safely send test phishing emails to employees. This helps raise security awareness and educates staff on recognizing and avoiding phishing attacks. Learn more

How does Cymulate ensure its attack simulations are safe?

The Cymulate Labs team of global cybersecurity experts designs and tests all simulations to ensure they are safe and non-disruptive. Simulations act like a vaccine, exposing systems to controlled threats to build resilience without causing harm. Source

Implementation & Ease of Use

How easy is it to deploy and manage Cymulate?

Cymulate is a cloud-based SaaS solution that can be deployed in minutes. It operates in agentless mode, requiring no additional hardware or complex configurations, making it easy to incorporate into daily cybersecurity operations. Source

How frequently do Cymulate customers run security assessments?

According to the Yearly Platform Usage Report, all Cymulate customers used the platform continuously, with the average customer running at least one comprehensive assessment per attack vector per week. Source

What support resources are available for Cymulate users?

Cymulate provides comprehensive support, including email and chat support, a knowledge base with technical articles and videos, webinars, e-books, and an AI chatbot for quick answers and best practices. Contact support

How does Cymulate help organizations track and compare their security improvements?

Cymulate enables organizations to track security improvements over time and compare their scores to industry peers using standardized frameworks such as MITRE ATT&CK, NIST 800-30, CVSS 3, and DREAD. Source

Metrics, Outcomes & Case Studies

What measurable outcomes have Cymulate customers achieved?

In 2020, the financial sector saw a risk score reduction from 70 to 18, and non-technical employee cybersecurity scores improved from 66.3 to 18.4. Customers ran thousands of tests against ransomware, malware, and nation-state threats, with 96% testing against Sunburst. Source

How does Cymulate help improve non-technical employee cybersecurity skills?

Cymulate's phishing assessment and testing, integrated with the Continuous Security Validation platform, enables ongoing education for non-technical employees. This approach led to a dramatic improvement in employee risk scores, from 66.3 in 2019 to 18.4 by the end of 2020. Source

Where can I find the full Cymulate Yearly Platform Usage Report?

The complete Cymulate Yearly Platform Usage Report, including all findings and metrics, is available at this link.

How does Cymulate compare customer results across industries?

Cymulate tracks usage and risk score improvements across customer verticals. In 2020, the financial sector accounted for over 51% of all scans and saw the most dramatic risk reduction, demonstrating the platform's effectiveness in high-risk industries. Source

What case studies are available to demonstrate Cymulate's impact?

Cymulate features numerous case studies, such as Hertz Israel reducing cyber risk by 81% in four months and Nemours Children's Health improving detection in hybrid environments. Explore more at our Case Studies page.

Pricing & Plans

What is Cymulate's pricing model?

Cymulate uses a subscription-based pricing model tailored to each organization's needs. Pricing depends on the chosen package, number of assets, and scenarios selected. For a personalized quote, schedule a demo.

How can I get a Cymulate pricing quote?

You can receive a detailed pricing quote by scheduling a demo with the Cymulate team. The quote will be based on your organization's size, needs, and selected features. Book a demo

Security, Compliance & Integrations

What security and compliance certifications does Cymulate hold?

Cymulate holds SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1 certifications, demonstrating adherence to industry-leading security and privacy standards. Learn more

How does Cymulate protect customer data?

Cymulate ensures data security with encryption in transit (TLS 1.2+) and at rest (AES-256), secure AWS-hosted data centers, a tested disaster recovery plan, and a dedicated privacy and security team. Details

What integrations does Cymulate support?

Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. See all integrations

Is Cymulate GDPR compliant?

Yes, Cymulate incorporates data protection by design and maintains GDPR compliance, with a dedicated Data Protection Officer (DPO) and Chief Information Security Officer (CISO) overseeing privacy and security. Learn more

Use Cases & Target Audience

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, vulnerability management teams, and organizations of all sizes across industries such as finance, healthcare, retail, media, transportation, and manufacturing. Learn more

What problems does Cymulate solve for security teams?

Cymulate addresses fragmented security tools, resource constraints, unclear risk prioritization, cloud complexity, communication barriers, inadequate threat simulation, operational inefficiencies in vulnerability management, and post-breach recovery challenges. Details

How does Cymulate tailor its solutions for different roles?

Cymulate provides quantifiable metrics for CISOs, automates processes for SecOps teams, offers advanced offensive testing for red teams, and streamlines vulnerability management for dedicated teams. Solutions are tailored to each persona's needs. Learn more

How does Cymulate help CISOs demonstrate the value of their security program?

Cymulate provides CISOs with validated, data-driven metrics and executive dashboards to measure and communicate the impact of security investments, supporting clear reporting to boards and stakeholders. Learn more

Competition & Differentiation

How does Cymulate differ from other security validation platforms?

Cymulate stands out with its unified platform combining BAS, CART, and exposure analytics, continuous 24/7 validation, AI-powered optimization, complete kill chain coverage, ease of use, and proven customer outcomes such as a 52% reduction in critical exposures and 81% reduction in cyber risk. See comparisons

What are the advantages of Cymulate for different user segments?

CISOs benefit from quantifiable metrics, SecOps teams from automation and efficiency, red teams from advanced offensive testing, and vulnerability management teams from streamlined validation and prioritization. Learn more

Resources & Updates

Where can I find Cymulate's blog and newsroom?

Stay updated with the latest threats, research, and company news on our blog and newsroom.

Where can I find resources like whitepapers, reports, and webinars?

All Cymulate resources, including whitepapers, reports, webinars, and thought leadership articles, are available in our Resource Hub.

How can I stay informed about Cymulate's latest research and events?

Follow Cymulate's blog for new research and threat updates, and visit the Events & Webinars page for upcoming events and webinars.

Where can I find a glossary of cybersecurity terms used by Cymulate?

Cymulate provides a comprehensive glossary of cybersecurity terms, acronyms, and jargon at this page.

Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

The 2020 Cymulate Yearly Platform Usage Report

By: Cymulate

Last Updated: January 30, 2025

In cybersecurity, discovering solutions that are both strategic and transformative can make a significant impact. Tools that simplify, accelerate, and optimize a customer’s ability to adapt to evolving threats are essential. These elements help enterprises minimize risks, enable business continuity, and enhance skills across the board. This approach leads to more secure, confident teams and businesses. Continuous Security Validation through Breach and Attack Simulation at Cymulate serves as an ideal example of a game-changing solution.

The impact of such a solution is clear when results are measured tangibly and objectively through direct customer data. That’s why the Cymulate Yearly Platform Usage Report was introduced—an annual review of customer usage and scores, providing a thorough, objective view of how Cymulate transforms security outcomes. Let's explore how Cymulate strengthens enterprise security and dive into the report’s key findings.

Benefits of Cymulate’s Continuous Security Validation Solution

Continuous Security Validation provides an easy and comprehensive way to assess your dynamically changing environment, manage threats, and reduce risk.

Adapting to Rapid Technological Change

Business demand for digitally-led innovation has driven new technology and best practices, leading to rapid changes within enterprises. From the adoption of cloud computing and automation, DevOps teams now use playbooks to push out thousands of new workloads with a single click. Add to this the complexity of modern enterprise architecture, often a mix of legacy on-premises systems, cloud platforms, and third-party SaaS applications.

This environment is accessible not only to employees but also to vendors, partners, customers, suppliers, and contractors. With the global shift to remote work, employees can now access crucial applications and data from almost anywhere.

Rising Threats from Criminals and Nation-State Actors

Enterprises face a relentless rise in threats from criminal and nation-state attackers who continuously evolve their tactics, techniques, and strategies to maximize the impact and monetization of their attacks. Concerns about crippling costs, compliance violations, reputational damage, and ransomware make cybersecurity a boardroom priority. Recent attacks, like the SolarWinds breach, have heightened awareness of these risks.

Cymulate’s Continuous Security Validation: Comprehensive and Easy-to-Manage

Using Continuous Security Validation, Cymulate offers a comprehensive, easy-to-manage solution that keeps up with these challenges. It enables continuous assessments to track risk, configuration errors, and security gaps. As a cloud-based SaaS solution, Cymulate deploys in minutes and is easy to manage.

The Cymulate Labs team of global cybersecurity experts ensures Cymulate is updated daily with new attack simulations. This constant updating allows customers to continuously validate their environments against the latest threat vectors. Our experts also conduct extensive testing to ensure all simulations are safe and non-disruptive.

Automation for Comprehensive Security Testing

With Cymulate, enterprises can automate the assessment process, evaluating against thousands of attack vectors and techniques that would be too time-consuming to test manually. This results in a healthier enterprise, as remediation is prioritized and executed. Organizations can track their security improvements over time and compare their scores to industry peers.

Enhancing Cybersecurity Skills Across the Organization

Continuous Security Validation strengthens cybersecurity skillsets across both technical and non-technical employees. Given the global shortage of skilled cybersecurity professionals, it is essential to develop existing talent.

  • Senior Staff: Continuous Security Validation provides strategic value by enabling easy configuration of automated, continuous, and safe testing policies. As new threats emerge, daily updates keep senior staff informed and allow them to see immediate effects on security posture.
  • Junior Staff: Cymulate’s tools present a valuable learning opportunity, clearly demonstrating and visualizing threats. The prioritized, prescriptive assessment results accelerate on-the-job learning for junior staff.

Beyond technical teams, these solutions also raise security awareness across the company. Cymulate incorporates phishing campaign capabilities, allowing organizations to safely send test phishing emails, helping all employees learn to recognize and avoid such attacks.

image

Key Report Findings

  • Cymulate used by all customers in a continuous fashion with the average customer incorporating a comprehensive scan a week.

For continuous monitoring to be effective it needs to be done, continuously. Our results show that all our customers did just that with on average each customer doing at least one comprehensive assessment per attack vector per week. This proves that Cymulate was easy to deploy, manage and incorporate into the day-to-day activities of the cybersecurity staff and ensures value was obtained.

  • Where all customers cybersecurity ratings improved, enterprises who used Cymulate more improved more dramatically.

Tracking usage patterns across the customer verticals, we found that the financial sector made up over 51% of all scans done in 2020. Cymulate scores, based on an aggregate score compared against four security frameworks: Mitre Attack Framework, NIST 800-30, CVSS 3 and Microsoft’s version of the DREAD framework. Lower scores being better and meaning less risk: the financial sector who utilized us the most saw a drop from a risk score of 70 in the beginning of the year to a score of 18 by the end of the year.

  • Great improvement seen was in non-technical employee cybersecurity skill sets.

In the past many industry think tanks felt discouraged by the difficulty in getting non-technical professionals educated to avoid pitfalls such as phishing scams. Using third-party companies to run a one-time phishing campaign to educate employees is expensive and not necessarily enough exposure to truly educate your employees. Cymulate, by providing its customers with phishing assessment and testing that is tied to the larger Continuous Security Validation platform and which can be run over the year to continuously educate employees. Next to the financial sectors huge reduction in risk score, Cymulate’s customers saw a dramatic increase in risk reduction in employee’s scores from 66.3 in 2019 to 18.4 by the end of 2020.

  • Cymulate customers ran thousands of tests against ransomware, malware and nation state APT threats. 96% of Cymulate customers tested against Sun Burst.

With 2020 being a challenging year with ransomware and nation state attacks the Cymulate Labs team worked hard to ensure tests for all the latest criminal and APT attacks were added and updated. These tests designed and updated by our experts, when run act like a vaccine for your enterprise – taking a controlled dangerous vector in a safe and controlled manner inoculating the enterprise from an attack in the wild. Usage reports showed our customers wholeheartedly ran an exciting number of these tests in their environments, the highest rate being 96% of our customers running Sunburst backdoor testing of the SolarWinds supply chain attack.

You can find the entire Cymulate Yearly Platform Usage Report and its findings here.

We have truly entered a new era where Continuous Security Validation platforms like Cymulate will provide strategic value to enterprises, shoring up cybersecurity, reducing risk and educating both our cyber security staff and that of our overall employees easily, effectively and comprehensively.

To learn more about Cymulate, top scoring solution in innovation and second highest in growth in Frost & Sullivan’s Global Breach and Attack Simulation Market, 2020 click here.

image
Cymulate
Cymulate empowers organizations to fortify their defenses through continuous assessment and validation of their security posture. With a focus on threat simulation, comprehensive security assessments, and a commitment to innovation, Cymulate equips organizations with the tools and insights needed to stay ahead of cyber threats.
More about Author
Table of Contents
Benefits of Cymulate’s Continuous Security Validation Solution Key Report Findings
Cymulate Exposure Validation makes advanced security testing fast and easy. When it comes to building custom attack chains, it's all right in front of you in one place.
Mike Humbert, Cybersecurity Engineer
DARLING INGREDIENTS INC.
Learn More

Featured Resources

View More Resources
Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now 
blog

Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now 

After years of battling ransomware and financially motivated threats, security teams must now increase their focus to defend against digital destruction. Iranian-backed Handala Hack highlighted the growing threat with its claimed attacks against a U.S.-based medical equipment maker, with reports of widespread deletion of data

Read More
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 
blog

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 

CVE-2026-26117 lets attackers hijack Azure Arc on Windows, escalate to SYSTEM, and seize the machine’s cloud identity.

Read More
Exposure Validation Demo
Demo

Exposure Validation Demo

Demo of automated offensive simulations validating detection, prevention, and IOC coverage

Learn More

GET A PERSONALIZED DEMO

Ready to see Cymulate in action?

Book a Demo