Gap Analysis Report
Last updated: July 1, 2026
The Gap Analysis Report is focused on the controls coverage section of the Cork Cyber Score. It shows which of your tools are reporting endpoints and inboxes, where overlap exists across those tools, and where deployment gaps need attention.
What this report does
The Gap Analysis shows what is being reported from your integrations, not whether tools are actively working or checking in. Compliance events in Cork Vantage handle active health monitoring. The Gap Analysis is the first layer: are these assets even inside your tools?
Run it for your full client base, clients with financial protection, or scoped to a single client.
Reading the coverage diagrams
The report includes two Venn diagrams: one for endpoints and one for inboxes. Both follow the same reading logic.
Endpoints
What it shows: The total unique endpoints across your clients and what percentage appear in each tool category: RMM, EDR, and Backup.
Each tool category shows the total endpoints reported by that tool.
Overlap sections show endpoints reported by more than one tool simultaneously. An endpoint counted in RMM that also appears in EDR will show in both the RMM count and the RMM+EDR overlap.
The goal is maximum overlap. Ideally every endpoint appears in all three categories.
Large numbers in a single category with little overlap signal deployment gaps: endpoints that have one tool but are missing others.
Cork recommends RMM as the baseline, then RMM + EDR, then the full suite with Backup for clients where it is required.
Recommendations are generated automatically based on the coverage picture. If a significant number of endpoints are missing RMM, the report will call that out directly.
Inboxes
What it shows: The total unique inboxes across your clients and their coverage across three categories: Security Awareness Training (SAT), MFA, and Email Security.
Each category shows the total inboxes reported by that integration.
Overlaps show inboxes seen by multiple tools.
The goal is for every inbox to appear in all three categories.
You may see a fourth category labeled Email in the inbox breakdown. This refers to email provider integrations like Microsoft 365 or Google Workspace. These are not email security products. Cork uses them to identify which inboxes exist and to cross-reference coverage. They are tracked separately from SAT, MFA, and Email Security integrations.
All Clients/Clients with Financial Protection View
Below the Venn diagrams, the report lists each active client and shows the ratio of their endpoints and inboxes seen within each tool category.
Each row shows a client with numerators (how many assets are seen in that tool) over a denominator (total assets for that client).
The table is sorted by overall controls coverage percentage. Clients with the weakest coverage appear at the top, making it easy to prioritize.
Use this table to identify outlier clients who need immediate attention: missing tool deployments, gaps in onboarding, or coverage categories that have not been connected yet.
Rows that appear grayed out at the bottom indicate clients where no endpoints or inboxes are being reported by any tool category. These clients are shown for visibility but are not factored into coverage scoring. Clients that are hidden are omitted entirely from the all-client report.
Single Client View
When running the report for a single client, the two sections show individual endpoints and inboxes alongside what tools are reporting it.
Each asset displays one of three status indicators:
Connected: Cork has a direct connection from the tool reporting this asset. Shown as a green checkmark
Attested: Cork cannot find a direct connection, but the RMM software inventory shows the product is installed on the endpoint. Shown as a blue checkmark
Not Required: The control is not applicable for this asset type. For example, email security is not required for a shared mailbox. Shown as a gray dash.
Not Connected: Cork cannot find a direct connection. Shown as a red X.
An endpoint with an attested EDR (blue checkmark) is generally sufficient for Cork financial protection purposes. Cork's position is that confirmed installation via RMM software inventory is an acceptable signal. If a claim arises, Cork will investigate further at that point. Partners do not need to hold off on enrolling clients in financial protection because of attested-only signals.