Skip to main content
Back to Shop
Cyber Risk Scoring Tool preview
CYBERSECURITY

Cyber Risk Scoring Tool

Board-ready cyber risk scoring on a documented 1–5 likelihood × impact rubric. Inherent and residual scores, control uplift, and a one-page board summary you can export.

FAIR-modelcyber-insurancefinancial-riskboardALECE-2026MFA-mandatoryCyber-Essentials-2026NCSC-2026ISO-27001-2022

🛡️ CYBER ESSENTIALS 2026 UPDATE — EFFECTIVE 28 APRIL 2026

The Cyber Essentials scheme is updated from 28 April 2026 with stricter criteria: mandatory multi-factor authentication (MFA) for all cloud services and admin accounts, tighter password policies, expanded scope for home workers and BYOD devices, and new vulnerability management timelines. All UK government suppliers must meet the updated standard. This product is aligned with the CE 2026 requirements.

📊 QUANTIFY YOUR CYBER RISK — FOR BOARDS, INSURERS, AND REGULATORS

Boards need a number. Insurers need a number. NIS2 Art. 20 requires documented risk assessment. "We think we're secure" is not a risk assessment. A quantified, repeatable, comparable cyber risk score is the foundation of security governance.

Cyber Risk Scoring Tool — Your Security Posture in One Number

Structured risk scoring on a documented 1–5 likelihood × impact rubric — repeatable, comparable over time, and exportable for boards and insurers. The score that answers "how secure are we?" with a method you can defend line by line.

  • 12-Domain Model: Identity, endpoint, network, email, data, cloud, supply chain, IR, governance, training, vulnerability management, BCP
  • 1–25 Risk Score: Likelihood × impact, banded low / medium / high / critical — inherent and residual, re-scored the moment you update the register
  • Control Uplift: See exactly how much your preventive and recovery controls pull each risk down — inherent vs residual, with the arithmetic shown
  • Board Report: One-page monthly summary for directors
  • Insurer Export: Evidence formatted for insurance applications
  • Framework Alignment: Score mapped to Cyber Essentials, ISO 27001, NIS2
  • Priority Actions: Top 5 improvements with highest score impact
  • Historical Trend: 12-month rolling comparison — improvement evidence

💷 THE MATHS

£49/month. SecurityScorecard: £15,000+/year. Board visibility: NIS2 Art. 20 requirement. One number that drives security investment decisions.

📋 ISO 27001:2022 TRANSITION

ISO 27001:2013 certifications expired 31 October 2025. All organisations must now operate under ISO 27001:2022, which adds 11 new controls including threat intelligence, cloud security, data masking, and secure development. This product's controls are mapped to the 2022 standard.

📅 How this subscription works — month-1 to month-12

  • Day 1 onboarding: instant portal access, automated onboarding checklist and baseline assessment intake — getting started guide delivered automatically.
  • First week setup: integrations wired, first report generated, MLRO / DPO / IT lead invited to the portal.
  • Ongoing monthly delivery: updated compliance report, new-regulation tracker delta, audit-trail snapshot, continuous regulatory updates aligned to your sector.
  • Cancellation: cancel any time from the portal — no contract lock-in; 30-day data export window after cancellation.

⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.

Cyber Essentials 2026 Coverage (Risk Quantification)

The scorer rates risk across the CE 2026 five-control surface:

  • Firewalls — Likelihood and impact rated for network boundary failures (perimeter breach scenarios)
  • Secure configuration — Risk scoring for misconfigured systems (no hardening, baseline drift); CIS-benchmark gap quantification
  • User access control + MFA mandate — MFA gap risk quantification (CE 2026 mandate 28 April 2026); credential-compromise loss modelling; privileged access risk scoring
  • Malware protection — Endpoint protection coverage gap risk (uncovered devices = quantified financial exposure)
  • Security update management — Patch lag scored as its own scenario (vulnerability management SLA breach raises likelihood)

£79.00/mo

MONTHLY SUBSCRIPTION · No VAT (not registered)

Delivery: Instant on payment
Refund: 14-day satisfaction guarantee
Instant download after payment
UK GDPR compliant
Secure checkout via Stripe
Not VAT registered — no VAT charged

Trust & Delivery

ICO registered ZC112810

UK Information Commissioner's Office data controller registration.

Companies House 16419201

SummitBridge Horizon Ltd — registered 30 April 2025, London.

14-day satisfaction guarantee

See refund policy for full terms.

Sample materials available

Request a sample

Compare with the market

5 direct and adjacent competitors tracked.

VendorTheir priceThreatvs SBHTheir advantagesOur advantages
Kovrr

IL

HIGHpricier
RiskLens (Safe Security)

US

HIGHpricierFAIR thought-leaderUK-priced · Board-ready reports
UpGuard

AU

$5,999+ /yrMEDIUMpricier
BitSight

US

MEDIUMpricier
SecurityScorecard

US

MEDIUMpricier

Compliance Snapshot

Regulatory posture for this product — for procurement and security teams.

General-purpose (limited- or minimal-risk)

Conformity scaffold in place — formal record not yet published