Built by a DFIR analyst Β· NIST & CIS aligned

Know how protected your business really is.

Answer plain-English questions scoped to your business. Get a real security score, industry-specific compliance alerts, and a prioritized action plan β€” in under 20 minutes.

No account needed Β· Takes ~20 minutes Β· Results are instant

Sample Security Report
Your Business LLC
42 / 100
Fair β€” gaps exist
πŸ” Access Control
28%
πŸ’Ύ Backups
52%
πŸ“§ Email Security
82%
πŸ–₯️ Devices
44%
🚨 Incident Response
20%
πŸ‘₯ Staff Awareness
75%
πŸ”’Free assessment runs in your browser
πŸ“‹NIST CSF 2.0 aligned
πŸ›‘οΈCIS Controls v8 mapped
⏱️Results in ~20 minutes
88%
of SMB breaches involved ransomware in 2024 (Verizon DBIR 2025)
$115k
median ransom payment β€” and most victims still lose data (Verizon DBIR 2025)
68%
of breaches involved a human element β€” phishing, credentials, or social engineering (Verizon DBIR 2025)
Three steps to knowing where you stand.
01

Answer plain-English questions

No tech jargon. Covers passwords, backups, devices, email, cloud security, incident response, and vendor risk β€” scoped to your business (solo vs. team, office vs. remote, cloud vs. on-prem).

02

Get your score + top findings

FreeInstant 0–100 readiness score, industry-specific compliance alert, and your top 3 critical findings.

ProEvery finding unlocked, step-by-step fix guides, and an insurer-ready PDF report.

03

Improve over time Pro

Pro subscribers reassess monthly and watch their score climb. Track progress over time. Show clients and insurers documented improvement.

Built by someone who investigates breaches β€” not someone who sells software.
What every free assessment gives you
πŸ”¬

DFIR-designed questions

Every question targets what actually causes breaches β€” not theoretical risks. Written from real incident response experience.

πŸ₯

Industry-aware compliance

Select your industry and get specific regulatory alerts β€” HIPAA, PCI-DSS, state privacy laws β€” tailored to your business type.

πŸ”

MFA hierarchy scoring

We don't just ask "do you have MFA?" β€” we score passkeys and hardware keys higher than authenticator apps higher than SMS. Because the difference matters.

What Pro adds
Pro
🌐

Real domain scanning

Enter your domain and we check your email authentication (SPF, DKIM, DMARC) β€” showing you a real technical finding, not just a questionnaire.

πŸ›‘οΈ

Cyber-insurance prep check

See exactly which of your answers would be flagged on a typical cyber insurance application β€” before you submit. Close the gaps that disqualify SMBs from coverage or trigger higher premiums.

Pro
πŸ“„

Insurer-ready PDF reports

Download a branded report aligned to NIST CSF 2.0 and CIS Controls v8 β€” frameworks underwriters and brokers actually recognize as supporting documentation.

Pro
πŸ“ˆ

Monthly progress tracking

Pro subscribers reassess monthly and see their score trend over time. Concrete evidence of improvement β€” not just a one-time snapshot.

An honest answer to "is this safe?"
πŸ”’

What we store. What we don't.

CyberPosture is a self-assessment tool. It asks questions about your security practices β€” not your business operations. Here's exactly what that means for your data.

βœ“
What we store (Pro accounts only): Your email, your assessment answers, your score history, and your subscription status. That's it.
βœ•
What we never see or store: Your customer data, employee records, business systems, network access, files, passwords, or anything that runs your business.
βœ•
What we never do: Sell your email. Share your data with advertisers. Use your answers to train AI. Send unsolicited marketing.
βœ“
Free assessments: Run entirely in your browser. Nothing is sent to any server. Close the tab and your answers disappear.
βœ“
Domain scans (Pro): Public DNS lookups only β€” the same information anyone with internet access can see. No intrusive scanning, no system access.
A professional security assessment costs $5,000–$15,000.
CyberPosture Pro will be $99/month at launch.
Free
$0
See where you stand right now.
  • Full security readiness assessment
  • Overall readiness score
  • Top 3 critical findings with fix targets
  • Free public resource links (CISA, NIST)
  • Industry compliance alert
Start free β†’
Most Popular
Pro
$99/mo
For businesses that want to stay protected.
  • Everything in Free
  • All findings (not just top 3)
  • Step-by-step fix guides for every finding
  • Email security domain scan (SPF, DKIM, DMARC)
  • Premium resource library (templates, checklists)
  • Monthly reassessments + score trend tracking
  • Insurer-ready PDF report
  • Incident response plan template
Questions you probably have.
No. The free assessment runs entirely in your browser β€” nothing you enter is sent to any server. Your answers, domain, and industry selection stay on your device. When Pro launches, account data will be stored securely in an encrypted database with no selling or sharing of your information, ever.
The free government checklists are comprehensive but dense β€” they're written for IT professionals, not business owners. CyberPosture translates those same frameworks into plain-English questions, generates an instant scored report, flags your industry-specific compliance requirements, and tells you exactly what to fix first. The checklists tell you what good looks like. We tell you where you stand and what to do next.
None at all. Every question is written in plain English β€” no jargon, no acronyms without explanation. If you run your business day-to-day, you can answer every question. You might not know every answer immediately, but that itself is a finding worth knowing.
No β€” and any tool that claims otherwise is misleading you. Cyber insurance underwriters run their own external scans, require their own signed application, and verify high-risk controls with supporting evidence (written policies, EDR coverage exports, backup configurations). What CyberPosture does is show you exactly which underwriting questions you'd be flagged on before you apply β€” so you can close those gaps, qualify for coverage you'd otherwise be declined for, and avoid the higher premiums that come with weak controls. The Pro PDF report is structured as a NIST CSF 2.0 + CIS Controls v8 self-assessment, which is a format some carriers accept as supporting documentation for smaller policies. It's a prep tool, not a certification.
CyberPosture was built by a DFIR (Digital Forensics & Incident Response) analyst β€” someone who investigates actual breaches at businesses like yours for a living. Every question is based on what we see causing real incidents, not theoretical risk frameworks. The assessment is aligned to NIST Cybersecurity Framework 2.0 and CIS Controls v8, the same standards used by government agencies and major corporations.
Each critical and warning finding includes a plain-English target β€” what the ideal answer looks like and why it matters. Free users get their top 3 critical findings with links to free resources. Pro users get all findings with step-by-step fix guides, resource links, and a downloadable PDF to share with your IT provider, insurer, or team.

Get early access to CyberPosture

Be the first to access CyberPosture Pro when we launch. No spam β€” just one email when it's ready.