
Cyber Risk Score Calculator

How Secure Is Your Business—Really?

It’s easy to focus on the price of cybersecurity tools.

But what about the risk you’re carrying day to day—phishing, ransomware, data loss, account takeovers?

Are key protocols and policies set and correctly configured?

Have you asked your admin about DNS, SPF, DMARC, DKIM, MFA/passkeys, SOC, MDM, EDR or BCDR?

 

 

In a few clicks, this calculator shows your current risk posture and where to improve first.

  • Fast: takes 2–3 minutes
  • Private: calculated in your browser—no data sent
  • Actionable: clear next steps based on your score

Check your score now!

Cyber Score Calculator

Tick what you already have.

Check the protections you use. The score bar at the top will update.

  • +1: Company-managed AV in place.
  • +3: Regular awareness training.
  • +3: Only company devices access data.
  • +3: Clear way to report issues fast.
  • +3: External tests at least yearly.
  • +3: Only approved apps; restrict actions.
  • +3: Firewalls/switches/Wi-Fi auto-update.
  • +3: Blocks risky sites.
  • +3: Email anti-spoof policy enforced/monitored.
  • +3: Email authentication records are set.
  • +3: Security Operations Center in place.
  • +3: Policy covers cyber incidents.
  • +4: Stops spam and phishing.
  • +4: Block or limit removable media.
  • +4: Business continuity plan / disaster recovery plan.
  • +4: Drives are encrypted.
  • +4: Regular scans for weaknesses.
  • +4: Separate critical parts of the network.
  • +4: Org-wide; passkeys/WebAuthn first.
  • +5: Shared vaults, strong passwords.
  • +5: Admins only when needed.
  • +5: Control how data is used in apps.
  • +5: Only trusted/healthy devices connect.
  • +5: Backups for M365/Google/etc.
  • +5: Offline/immutable backup copy.
  • +4: Remote access is restricted and protected (VPN or zero-trust).
  • +6: Patches are applied within two weeks.
  • +5: Phones/tablets are enrolled and managed.
  • +2: Security/audit logs kept for at least 90 days.

Have you enabled and correctly configured SPF + DKIM, DNS, DMARC and MFA?

Ready to Improve Your Score?

When you’re ready to invest in reliable, right-sized security, book a quick 15-minute video call. We’ll review your results and outline a 90-day improvement plan.

Prefer to Talk to a Human?

Contact us. Tell us about your goals and current tools—we’ll reach out with next steps.

What We Recommend for Most Businesses

  • MFA/passkeys for all users and a password manager
  • Endpoint protection (EDR or next-gen AV)
  • Fast updates (OS/apps within 14 days)
  • Advanced email filtering + DMARC/SPF/DKIM
  • Backups with an offline/immutable copy (and test restores quarterly)

Frequently Asked Questions

Is this a certification?

No. It’s a quick self-check to guide priorities. If you need formal assurance (e.g., SOC 2 or ISO 27001), we can advise.

Does a 100% score mean zero risk?

No one has zero risk. A high score means you’ve put in place the highest-value controls, the ones that close the gaps most attackers exploit.

Can you help us implement improvements?

Yes—we help with the rollout of MFA/passkeys, email security, backups, endpoint protection, policy updates, and staff education.

Do you collect or store my answers or score?

No. The calculator runs in your browser, and your selections are not sent anywhere. If you choose to contact us, only the information you submit is shared.

How is the score calculated?

Each checkbox adds points based on how much that control typically reduces real-world risk. Bigger-impact controls get more weight because they cut off common attack paths like credential theft, email impersonation, and ransomware.

Who should complete this?

Ideally: the person who owns day-to-day operations and the person who owns IT. If that’s one person at your org, that’s fine. The goal is a realistic snapshot, not a perfect audit.

What if I’m not sure whether we have a control?

Assume “no” until you can confirm it. Most teams overestimate coverage when details are fuzzy, especially around email authentication, backups, and logging. Being conservative gives you a better priority list.

What should we do first if our score is low?

Start with identity and inbox protection: MFA (passkeys/WebAuthn where possible), DMARC, SPF, and DKIM. Then tighten endpoints and recovery: EDR, faster patching, and backups with tested restores. If you fix the basics, you usually see the biggest risk drop quickly.

How often should we re-run this score?

Quarterly is a good baseline. Also re-run it after any major change like a new IT provider, new email platform, a merger, or a security incident. Treat it like a simple scoreboard.

Does “MFA everywhere” include SMS codes?

SMS is better than nothing, but it is not the strongest option. If you can, prioritize phishing-resistant methods first (passkeys/WebAuthn, security keys, or strong authenticator-based MFA) for email, admin accounts, and remote access.

What does “BC/DR validated” mean?

It means you have a business continuity and disaster recovery plan, and you have verified it works. “Validated” is the key word. You have tested restores and documented what happens when systems or data are unavailable.

What’s the difference between “SaaS backups” and “air-gapped backup”?

SaaS backups cover cloud apps like Microsoft 365 or Google Workspace so deleted or encrypted data can be recovered. An air-gapped or immutable copy is a separate backup that ransomware cannot easily reach. Having both is what makes recovery dependable.

Other Services You Might Find Valuable

IT Projects & Support

Stay ahead in a rapidly evolving tech landscape. Our nationwide network invests in cutting-edge research and expertise to bring the latest innovations directly to your business.

Managed IT Services

Enjoy top-tier security and availability—anytime, anywhere, on any device. With our three-tiered managed IT services, your network remains secure and operational.

Cloud Services

Leverage the power of the cloud to expand your business capabilities. Whether you need public, private, or hybrid solutions, our experts will guide you toward the best fit for your needs.

Let's get started

Ready to Make a Real Change? Let's Build this Thing Together!
