Answer 35 plain-English questions. Get a real security score, industry-specific compliance alerts, and a prioritized action plan in under 15 minutes.
No account needed · Takes 15 minutes · Results are instant
Sample Security Report
Riverside Plumbing LLC
42 / 100
Fair: gaps exist
Access Control: 28%
Backups: 52%
Email Security: 82%
Devices: 44%
Incident Response: 20%
Staff Awareness: 75%
No data collected
NIST CSF 2.0 aligned
CIS Controls v8 mapped
Results in 15 minutes
88% of ransomware attacks now target small businesses (Acrisure 2026)
$120k average cost of a small business breach (VikingCloud 2025)
75% of SMBs could not continue operating after ransomware (CyberCatch)
How it works
Three steps to knowing where you stand.
01
Answer 35 questions
Plain English. No tech jargon. Covers passwords, backups, devices, email, incident response, and vendor risk.
02
Get your score + report
Instant 0–100 readiness score. Industry-specific compliance alerts. Prioritized findings with plain-English fix instructions. Downloadable PDF for your insurer.
03
Improve monthly
Pro subscribers reassess monthly and watch their score climb. Track progress over time. Show clients and insurers documented improvement.
Why CyberPosture is different
Built by someone who investigates breaches, not someone who sells software.
DFIR-designed questions
Every question targets what actually causes breaches, not theoretical risks. Written from real incident response experience.
Industry-aware compliance
Select your industry and get specific regulatory alerts (HIPAA, PCI-DSS, state privacy laws) tailored to your business type.
Pro
Real domain scanning
Enter your domain and we check your email authentication (SPF, DKIM, DMARC), showing you a real technical finding, not just a questionnaire.
Pro
Insurer-ready PDF reports
Download a branded report with framework references that cyber insurance providers recognize. Many policies now require documented security assessments.
MFA hierarchy scoring
We don't just ask "do you have MFA?" We score passkeys and hardware keys higher than authenticator apps, which in turn score higher than SMS. Because the difference matters.
Pro
Monthly progress tracking
Pro subscribers reassess monthly and see their score trend over time. Concrete evidence of improvement, not just a one-time snapshot.
Your Data
An honest answer to "is this safe?"
What we store. What we don't.
CyberPosture is a self-assessment tool. It asks questions about your security practices, not your business operations. Here's exactly what that means for your data.
What we store (Pro accounts only): Your email, your assessment answers, your score history, and your subscription status. That's it.
What we never see or store: Your customer data, employee records, business systems, network access, files, passwords, or anything that runs your business.
What we never do: Sell your email. Share your data with advertisers. Use your answers to train AI. Send unsolicited marketing.
Free assessments: Run entirely in your browser. Nothing is sent to any server. Close the tab and your answers disappear.
Domain scans (Pro): Public DNS lookups only, the same information anyone with internet access can see. No intrusive scanning, no system access.
Pricing
A professional security assessment costs $5,000–$15,000. CyberPosture costs $49/month.
No. The free assessment runs entirely in your browser; nothing you enter is sent to any server. Your answers, domain, and industry selection stay on your device. When Pro launches, account data will be stored securely in an encrypted database with no selling or sharing of your information, ever.
How is this different from the free NIST and CISA checklists?
The free government checklists are comprehensive but dense: they're written for IT professionals, not business owners. CyberPosture translates those same frameworks into plain-English questions, generates an instant scored report, flags your industry-specific compliance requirements, and tells you exactly what to fix first. The checklists tell you what good looks like. We tell you where you stand and what to do next.
Do I need any technical knowledge to take the assessment?
None at all. Every question is written in plain English: no jargon, no acronyms without explanation. If you run your business day-to-day, you can answer every question. You might not know every answer immediately, but that itself is a finding worth knowing.
Is this good enough for my cyber insurance application?
The Pro report is a documented, framework-aligned security assessment that references NIST CSF 2.0 and CIS Controls v8, the same standards most insurers reference. It won't replace a formal audit for large enterprises, but for most small business cyber insurance applications and renewals, it provides exactly the kind of documented security posture evidence insurers are asking for.
Who built this and why should I trust it?
CyberPosture was built by a DFIR (Digital Forensics & Incident Response) analyst, someone who investigates actual breaches at businesses like yours for a living. Every question is based on what we see causing real incidents, not theoretical risk frameworks. The assessment is aligned to NIST Cybersecurity Framework 2.0 and CIS Controls v8, the same standards used by government agencies and major corporations.
What do I actually do with the results?
Each critical and warning finding includes a plain-English target: what the ideal answer looks like and why it matters. Free users get their top 3 critical findings with links to free resources. Pro users get all findings with step-by-step fix guides, resource links, and a downloadable PDF to share with your IT provider, insurer, or team.
Get early access to CyberPosture
Be the first to take the full assessment when we launch. No spam, just one email when it's ready.
No spam. No selling your email. Just a launch notification.