How Your Cyber Risk Score Is Calculated
Your cyber risk score reflects how well your organization addresses the security controls that matter most. Each of the 15 questions is weighted based on its impact on your overall risk posture. Controls like MFA, encryption, and incident response carry the highest weights because they have the greatest effect on breach prevention and damage reduction.
The score ranges from 0 to 100, where 100 means all assessed controls are fully implemented. A "Yes" answer earns full points for that control, "Partial" earns half, and "No" earns zero. The category breakdown shows which security domains need the most attention.
This is a rapid assessment designed for quick insights. For a deeper evaluation, our Cybersecurity Maturity Assessment covers 39 controls across 6 NIST CSF functions with maturity-level scoring.
Understanding Your Score
80-100 — Low Risk. Strong security posture across most categories. Focus on maintaining and continuously improving. Consider ISO 27001 certification to formalize your programme. Use our ISO 27001 Gap Assessment to check readiness.
60-79 — Moderate Risk. Decent foundation with notable gaps. You likely have some controls in place but inconsistently applied or partially implemented. Focus on moving "Partial" answers to "Yes."
40-59 — High Risk. Significant gaps that leave your organization exposed. Start with the highest-weighted gaps: MFA, encryption, patching, and incident response.
0-39 — Critical Risk. Fundamental security measures are missing. Prioritize immediately: enable MFA, deploy encryption, start patching, and document an incident response plan. Our Cybersecurity Checklist for Startups provides a step-by-step path forward.
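The scoring rules and risk bands described above, as an added JavaScript example; it is not the tool's own code. The question IDs, category names, individual weights and answers are constructed for illustration, and normalising by the total weight and rounding to a whole number are assumptions.

```javascript
// Added example. Question set, categories and weights are constructed, not the tool's real ones.
const CREDIT = { yes: 1, partial: 0.5, no: 0 }; // "Yes" full points, "Partial" half, "No" zero

const BANDS = [
  { min: 80, label: "Low Risk" },
  { min: 60, label: "Moderate Risk" },
  { min: 40, label: "High Risk" },
  { min: 0, label: "Critical Risk" },
];

function scoreAssessment(questions, answers) {
  let earned = 0, possible = 0;
  const categories = {};
  const gaps = [];
  for (const q of questions) {
    const answer = answers[q.id];
    // Reject unanswered questions instead of silently scoring them as "no".
    if (!Object.hasOwn(CREDIT, answer)) throw new Error(`missing or invalid answer for ${q.id}`);
    const points = q.weight * CREDIT[answer];
    earned += points;
    possible += q.weight;
    const cat = (categories[q.category] ??= { earned: 0, possible: 0 });
    cat.earned += points;
    cat.possible += q.weight;
    if (points < q.weight) gaps.push({ id: q.id, answer, lost: q.weight - points });
  }
  // Assumption: normalise so that all-"yes" is exactly 100 whatever the weights sum to.
  const score = Math.round((earned / possible) * 100);
  const band = BANDS.find((b) => score >= b.min).label;
  const byCategory = Object.fromEntries(
    Object.entries(categories).map(([name, c]) => [name, Math.round((c.earned / c.possible) * 100)])
  );
  gaps.sort((a, b) => b.lost - a.lost); // largest point loss first: what to fix first
  return { score, band, byCategory, gaps };
}

// Constructed sample: six questions with weights in the 4-8 range.
const sampleQuestions = [
  { id: "mfa", category: "Identity", weight: 8 },
  { id: "encryption", category: "Data", weight: 8 },
  { id: "patching", category: "Operations", weight: 7 },
  { id: "incident_response", category: "Operations", weight: 7 },
  { id: "backup_testing", category: "Data", weight: 7 },
  { id: "security_training", category: "People", weight: 4 },
];
const sampleAnswers = { mfa: "yes", encryption: "partial", patching: "no",
  incident_response: "partial", backup_testing: "yes", security_training: "yes" };
const sampleResult = scoreAssessment(sampleQuestions, sampleAnswers);
```

Sorting gaps by points lost shows why a "No" on a heavily weighted control costs more than a "Partial" on the same control or a "No" on a lightly weighted one.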
Frequently Asked Questions
How is the cyber risk score weighted?
Each question has a weight from 4 to 8 based on its impact on security. MFA, encryption, patching, incident response, and backup testing carry the highest weights (7-8 points) because they have the most significant effect on preventing or mitigating breaches.
How often should I reassess?
Reassess quarterly or after significant changes — new systems, new vendors, organizational changes, or after a security incident. Tracking your score over time helps demonstrate improvement to management.
Is my data stored?
No. Everything runs in your browser. No data is sent to any server. Take a screenshot of your results before leaving.
Disclaimer: This is a rapid self-assessment for informational purposes. It does not constitute a security audit. Consult qualified professionals for comprehensive assessments. Created by ClevSec.
Last updated: April 2026