Cyber Risk Scoring Tool
Board-ready cyber risk scoring on a documented 1–5 likelihood × impact rubric. Inherent and residual scores, control uplift, and a one-page board summary you can export.
🛡️ CYBER ESSENTIALS 2026 UPDATE — EFFECTIVE 28 APRIL 2026
The Cyber Essentials scheme is updated from 28 April 2026 with stricter criteria: mandatory multi-factor authentication (MFA) for all cloud services and admin accounts, tighter password policies, expanded scope for home workers and BYOD devices, and new vulnerability management timelines. All UK government suppliers must meet the updated standard. This product is aligned with the CE 2026 requirements.
📊 QUANTIFY YOUR CYBER RISK — FOR BOARDS, INSURERS, AND REGULATORS
Boards need a number. Insurers need a number. NIS2 Art. 20 requires documented risk assessment. "We think we're secure" is not a risk assessment. A quantified, repeatable, comparable cyber risk score is the foundation of security governance.
Cyber Risk Scoring Tool — Your Security Posture in One Number
Structured risk scoring on a documented 1–5 likelihood × impact rubric — repeatable, comparable over time, and exportable for boards and insurers. The score that answers "how secure are we?" with a method you can defend line by line.
- 12-Domain Model: Identity, endpoint, network, email, data, cloud, supply chain, IR, governance, training, vulnerability management, BCP
- 1–25 Risk Score: Likelihood × impact, banded low / medium / high / critical — inherent and residual, re-scored the moment you update the register
- Control Uplift: See exactly how much your preventive and recovery controls pull each risk down — inherent vs residual, with the arithmetic shown
- Board Report: One-page monthly summary for directors
- Insurer Export: Evidence formatted for insurance applications
- Framework Alignment: Score mapped to Cyber Essentials, ISO 27001, NIS2
- Priority Actions: Top 5 improvements with highest score impact
- Historical Trend: 12-month rolling comparison — improvement evidence
💷 THE MATHS
£49/month. SecurityScorecard: £15,000+/year. Board visibility: NIS2 Art. 20 requirement. One number that drives security investment decisions.
📋 ISO 27001:2022 TRANSITION
ISO 27001:2013 certifications expired 31 October 2025. All organisations must now operate under ISO 27001:2022, which adds 11 new controls including threat intelligence, cloud security, data masking, and secure development. This product's controls are mapped to the 2022 standard.
📅 How this subscription works — month-1 to month-12
- Day 1 onboarding: instant portal access, automated onboarding checklist and baseline assessment intake — getting started guide delivered automatically.
- First week setup: integrations wired, first report generated, MLRO / DPO / IT lead invited to the portal.
- Ongoing monthly delivery: updated compliance report, new-regulation tracker delta, audit-trail snapshot, continuous regulatory updates aligned to your sector.
- Cancellation: cancel any time from the portal — no contract lock-in; 30-day data export window after cancellation.
⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.
Cyber Essentials 2026 Coverage (Risk Quantification)
The scorer rates risk across the CE 2026 five-control surface:
- Firewalls — Likelihood and impact rated for network boundary failures (perimeter breach scenarios)
- Secure configuration — Risk scoring for misconfigured systems (no hardening, baseline drift); CIS-benchmark gap quantification
- User access control + MFA mandate — MFA gap risk quantification (CE 2026 mandate 28 April 2026); credential-compromise loss modelling; privileged access risk scoring
- Malware protection — Endpoint protection coverage gap risk (uncovered devices = quantified financial exposure)
- Security update management — Patch lag scored as its own scenario (vulnerability management SLA breach raises likelihood)
£79.00/mo
MONTHLY SUBSCRIPTION · No VAT (not registered)
Trust & Delivery
ICO registered ZC112810
UK Information Commissioner's Office data controller registration.
Companies House 16419201
SummitBridge Horizon Ltd — registered 30 April 2025, London.
14-day satisfaction guarantee
See refund policy for full terms.
Sample materials available
Compare with the market
5 direct and adjacent competitors tracked.
| Vendor | Their price | Threat | vs SBH | Their advantages | Our advantages |
|---|---|---|---|---|---|
| Kovrr IL | — | HIGH | pricier | — | — |
| RiskLens (Safe Security) US | — | HIGH | pricier | FAIR thought-leader | UK-priced · Board-ready reports |
| UpGuard AU | $5,999+ /yr | MEDIUM | pricier | — | — |
| BitSight US | — | MEDIUM | pricier | — | — |
| SecurityScorecard US | — | MEDIUM | pricier | — | — |
Compliance Snapshot
Regulatory posture for this product — for procurement and security teams.
Conformity scaffold in place — formal record not yet published