Cyber Risk Checklist
Single Excel checklist — 120 controls mapped to NIS2, Cyber Essentials and ISO 27001 with RAG status and evidence tracking. The checklist only.
📋 KNOW YOUR RISK IN 15 MINUTES — THE STARTING POINT FOR EVERY CYBER JOURNEY
Most businesses cannot answer the question "how secure are we?" The answer matters: cyber insurers ask it, enterprise customers ask it, NIS2 requires it, and boards need it. This checklist gives you a defensible answer in 15 minutes — covering the 25 controls that determine 90% of your risk posture.
Cyber Risk Checklist — 25 Controls, 15 Minutes, Actionable Score
Not a questionnaire that produces a vague report. Each of the 25 controls is scored Pass/Partial/Fail with a specific remediation action. The result is a numbered risk score you can track over time, share with insurers, and use as the starting point for Cyber Essentials, ISO 27001, or NIS2 compliance.
- 25 Critical Controls: MFA, patching, backup, email security, endpoint protection, access control, encryption, incident response — the controls that matter most
- Pass/Partial/Fail Scoring: Each control assessed with clear criteria — no ambiguity about what "good" looks like
- Risk Score (0–100): Composite score tracking your overall security posture — comparable over time
- Priority Remediation List: Top 5 actions that will improve your score the most — effort vs impact ranked
- Cyber Essentials Alignment: Score mapped to Cyber Essentials v3.1 readiness — know if you would pass today
- Board Summary: One-page executive summary of your risk posture — for directors, investors, or insurers
- Quarterly Re-Assessment: Track improvement over time — evidence of continuous security improvement for regulators
- Insurer-Ready Export: Risk posture summary formatted for cyber insurance applications — supports premium reduction
💷 THE MATHS
£29 one-time. Security risk assessment by consultant: £2,000–5,000. Cyber insurance questionnaire preparation: £500–1,000. Not knowing your risk posture: priceless (in the worst way). 15 minutes to understand where you stand — then decide what to do about it.
📋 ISO 27001:2022 TRANSITION
ISO 27001:2013 certifications expired 31 October 2025. All organisations must now operate under ISO 27001:2022, which adds 11 new controls including threat intelligence, cloud security, data masking, and secure development. This product's controls are mapped to the 2022 standard.
📦 Delivery & deliverables
- Turnaround: assessment delivery within 36 business hours after intake completion. Multi-jurisdiction packages: up to 5 business days.
- Sample output: a redacted sample deliverable (report + appendices) is available on request — email [email protected] with the product name.
- Revision & satisfaction: one round of revisions included; if the deliverable does not meet the agreed brief, full money-back refund within the 14-day window.
£49.00
One-time payment · No VAT (not registered)
Trust & Delivery
ICO registered ZC112810
UK Information Commissioner's Office data controller registration.
Companies House 16419201
SummitBridge Horizon Ltd — registered 30 April 2025, London.
14-day satisfaction guarantee
See refund policy for full terms.
Sample materials available
Compare with the market
2 direct and adjacent competitors tracked.
| Vendor | Their price | Threat | vs SBH | Their advantages | Our advantages |
|---|---|---|---|---|---|
| IT Governance UK GB | £800+ per assessment | HIGH | pricier | Brand · ISO pedigree | £49 one-off · Actionable |
| ISMS.online GB | £5,000+ /yr | MEDIUM | pricier | — | — |
Compliance Snapshot
Regulatory posture for this product — for procurement and security teams.
Conformity scaffold in place — formal record not yet published