Los Altos, CA — May 7, 2026 — Cadents, StartSecured, and Third Wave Innovations today announced a partnership to help mid-market companies connect the segments of cybersecurity risk that rarely talk to each other: internal attack surface visibility, control validation, and insurance alignment.
The partnership comes as cyber insurance carriers increasingly scan policyholder environments rather than relying on self-reported questionnaires. Premiums rose 173% between 2020 and 2022. After a brief dip in 2024-2025, S&P is projecting 15-20% increases for 2026 as carriers apply more sophisticated actuarial models to underwriting decisions. Mid-market companies are caught between tighter carrier requirements and internal teams that don’tshare findings across security, compliance, and finance.
Under the partnership, Cadents provides visibility into the internal attack surface, including asset inventory, configuration posture, and policy alignment. StartSecured delivers penetration testing and control validation. Third Wave Innovations provides managed detection and response, cybersecurity insurance advisory, and ongoing risk management aligned to carrier requirements. The three companies will work together on shared engagements, cross-refer clients, and coordinate across their respective areas of the risk value chain.
“Mid-market companies typically have more security data than they realize,” said Devin Jones, Chief Product & Technology Officer, Cadents. “The problem is it’s scattered across tools, no one has connected it into a coherent picture, and they have no idea how to present it in a way an underwriter can act on. That gap is costing them on their premiums.”
“Most organizations don’t really understand their risk exposure until they are forced to put a number on it,” said Patrick Hayes, CXO of Third Wave Innovations and author of Integrated Assurance and Can We Insure This?: The CFO’s Guide to Cybersecurity. “That’s usually the moment it stops being a security issue and becomes a financial one.”
“Software is often built and shipped with security assumptions that aren’t fully validated against real-world conditions, and AI is accelerating how quickly those assumptions can be challenged,” said Daniel King, CEO & Founder, StartSecured. “Our focus is bringing them to the surface through hands-on security testing, identifying what can actually be exploited, and helping teams prioritize and address it earlier in the lifecycle, before incident.”
The partnership launches alongside a joint webinar–Your Security Program Has a Blind Spot. Your Insurer Doesn’t.—a panel conversation featuring Jones, Hayes, and King, and moderated by Julie Case, CEO and Founder of Cadents. The webinar is scheduled for June 9.
About Cadents
Cadents is revolutionizing how businesses manage IT infrastructure risk and compliance.
When lifecycle data is fragmented across tools and documents, planning breaks down—creating security gaps, missed upgrades, and compliance exposure. Cadents centralizes lifecycle risk into an AI-driven decision layer so teams can plan confidently, reduce manual effort, and stay ahead of change.
Because nothing critical should ever be unknown.
About StartSecured
StartSecured identifies unknown, exploitable vulnerabilities in software and provides remediation guidance through penetration testing and application security services. The company uses manual, automated, and AI-assisted techniques aligned with industry standards including OWASP, SANS, and NIST to evaluate real-world attack paths and manage software risk.
StartSecured works with engineering and security teams to integrate application security into the software development lifecycle, enabling continuous validation of software security and strengthening the organization’s ability to manage application-level risk.
About Third Wave Innovations
Third Wave helps businesses take control of cybersecurity in a way that directly impacts their bottom line, including lower insurance costs and better coverage. Most companies are stuck overspending on tools while still struggling to meet insurance requirements or explain their risk to underwriters. Third Wave replaces that with a single, integrated program that combines 24/7 threat monitoring, cyber risk visibility, and employee training into a model that insurers recognize and reward. Instead of scrambling at renewal time, businesses can clearly demonstrate control, reduce exposure, and improve their insurability. The result is simpler operations, stronger protection, and a security program that actually pays for itself through reduced premiums and improved coverage.
Media Contact
Crystal Jones
Chief Marketing Officer, Cadents
