Answer plain-English questions scoped to your business. Get a real security score, industry-specific compliance alerts, and a prioritized action plan β in under 20 minutes.
No account needed Β· Takes ~20 minutes Β· Results are instant
Sample Security Report
Your Business LLC
42 / 100
Fair β gaps exist
π Access Control
28%
πΎ Backups
52%
π§ Email Security
82%
π₯οΈ Devices
44%
π¨ Incident Response
20%
π₯ Staff Awareness
75%
πFree assessment runs in your browser
πNIST CSF 2.0 aligned
π‘οΈCIS Controls v8 mapped
β±οΈResults in ~20 minutes
88%
of SMB breaches involved ransomware in 2024 (Verizon DBIR 2025)
$115k
median ransom payment β and most victims still lose data (Verizon DBIR 2025)
68%
of breaches involved a human element β phishing, credentials, or social engineering (Verizon DBIR 2025)
How it works
Three steps to knowing where you stand.
01
Answer plain-English questions
No tech jargon. Covers passwords, backups, devices, email, cloud security, incident response, and vendor risk β scoped to your business (solo vs. team, office vs. remote, cloud vs. on-prem).
02
Get your score + top findings
FreeInstant 0β100 readiness score, industry-specific compliance alert, and your top 3 critical findings.
ProEvery finding unlocked, step-by-step fix guides, and an insurer-ready PDF report.
03
Improve over time Pro
Pro subscribers reassess monthly and watch their score climb. Track progress over time. Show clients and insurers documented improvement.
Why CyberPosture is different
Built by someone who investigates breaches β not someone who sells software.
What every free assessment gives you
π¬
DFIR-designed questions
Every question targets what actually causes breaches β not theoretical risks. Written from real incident response experience.
π₯
Industry-aware compliance
Select your industry and get specific regulatory alerts β HIPAA, PCI-DSS, state privacy laws β tailored to your business type.
π
MFA hierarchy scoring
We don't just ask "do you have MFA?" β we score passkeys and hardware keys higher than authenticator apps higher than SMS. Because the difference matters.
What Pro adds
Pro
π
Real domain scanning
Enter your domain and we check your email authentication (SPF, DKIM, DMARC) β showing you a real technical finding, not just a questionnaire.
π‘οΈ
Cyber-insurance prep check
See exactly which of your answers would be flagged on a typical cyber insurance application β before you submit. Close the gaps that disqualify SMBs from coverage or trigger higher premiums.
Pro
π
Insurer-ready PDF reports
Download a branded report aligned to NIST CSF 2.0 and CIS Controls v8 β frameworks underwriters and brokers actually recognize as supporting documentation.
Pro
π
Monthly progress tracking
Pro subscribers reassess monthly and see their score trend over time. Concrete evidence of improvement β not just a one-time snapshot.
Your Data
An honest answer to "is this safe?"
π
What we store. What we don't.
CyberPosture is a self-assessment tool. It asks questions about your security practices β not your business operations. Here's exactly what that means for your data.
β
What we store (Pro accounts only): Your email, your assessment answers, your score history, and your subscription status. That's it.
β
What we never see or store: Your customer data, employee records, business systems, network access, files, passwords, or anything that runs your business.
β
What we never do: Sell your email. Share your data with advertisers. Use your answers to train AI. Send unsolicited marketing.
β
Free assessments: Run entirely in your browser. Nothing is sent to any server. Close the tab and your answers disappear.
β
Domain scans (Pro): Public DNS lookups only β the same information anyone with internet access can see. No intrusive scanning, no system access.
Pricing
A professional security assessment costs $5,000β$15,000. CyberPosture Pro will be $99/month at launch.
No. The free assessment runs entirely in your browser β nothing you enter is sent to any server. Your answers, domain, and industry selection stay on your device. When Pro launches, account data will be stored securely in an encrypted database with no selling or sharing of your information, ever.
The free government checklists are comprehensive but dense β they're written for IT professionals, not business owners. CyberPosture translates those same frameworks into plain-English questions, generates an instant scored report, flags your industry-specific compliance requirements, and tells you exactly what to fix first. The checklists tell you what good looks like. We tell you where you stand and what to do next.
None at all. Every question is written in plain English β no jargon, no acronyms without explanation. If you run your business day-to-day, you can answer every question. You might not know every answer immediately, but that itself is a finding worth knowing.
No β and any tool that claims otherwise is misleading you. Cyber insurance underwriters run their own external scans, require their own signed application, and verify high-risk controls with supporting evidence (written policies, EDR coverage exports, backup configurations). What CyberPosture does is show you exactly which underwriting questions you'd be flagged on before you apply β so you can close those gaps, qualify for coverage you'd otherwise be declined for, and avoid the higher premiums that come with weak controls. The Pro PDF report is structured as a NIST CSF 2.0 + CIS Controls v8 self-assessment, which is a format some carriers accept as supporting documentation for smaller policies. It's a prep tool, not a certification.
CyberPosture was built by a DFIR (Digital Forensics & Incident Response) analyst β someone who investigates actual breaches at businesses like yours for a living. Every question is based on what we see causing real incidents, not theoretical risk frameworks. The assessment is aligned to NIST Cybersecurity Framework 2.0 and CIS Controls v8, the same standards used by government agencies and major corporations.
Each critical and warning finding includes a plain-English target β what the ideal answer looks like and why it matters. Free users get their top 3 critical findings with links to free resources. Pro users get all findings with step-by-step fix guides, resource links, and a downloadable PDF to share with your IT provider, insurer, or team.
Get early access to CyberPosture
Be the first to access CyberPosture Pro when we launch. No spam β just one email when it's ready.
π You're on the list! We'll email you when CyberPosture launches.
No spam. No selling your email. Just a launch notification.