📊 Risk Assessment · Free Forever · No Sign-Up

Free SMB Cybersecurity Assessment

Answer 20 questions across 5 security domains. Get your instant 0–100 cyber risk score, domain-by-domain breakdown, insurance readiness rating, and a prioritized fix list — in about 10 minutes.

Start My Free Assessment → See Full Report ($19)

What You Get

Your Assessment Delivers Four Things

Structured around the 47 controls that actually matter for small business security — and for cyber insurance underwriting.

🎯

Instant 0–100 Score

A single, clear number that represents your overall security posture — updated immediately after you complete the assessment. Benchmarked against CIS Controls v8 and NIST CSF.

📊

Domain-by-Domain Breakdown

See exactly which of the 5 security areas (Identity, Endpoint, Network, Data, Incident Response) are strongest and which need the most attention — with specific failing controls listed.

🛡️

Insurance Readiness Score

Map your current score to what cyber insurance carriers actually look for during underwriting. Know which specific controls are missing before your next renewal or application.

📋

Prioritized Fix List

Not all gaps are equal. The assessment ranks your missing controls by risk impact so you know exactly what to fix first — focusing time and budget on what moves the needle most.

The Numbers Don't Lie

Attackers disproportionately target small and mid-size businesses because they often lack the security resources that large enterprises have. The math is simple: weaker posture = higher risk of becoming another statistic.

$3.31M
Average cost of a data breach for organizations with <500 employees
Source: IBM Cost of a Data Breach Report 2024
70.5%
Of breaches target small and mid-size businesses specifically
Source: IBM Security Intelligence 2024
95%
Of successful breaches are caused by human error — not sophisticated attack techniques
Source: Verizon DBIR 2024

How It Works

Three Steps to Your Score

No account required. No email gate. Start immediately.

1

Answer ~20 Questions

Straightforward yes/no and multiple-choice questions covering your current security controls across 5 domains. Takes about 10 minutes at your own pace.

2

Get Your Score Instantly

Immediately see your 0–100 overall score, per-domain breakdown, insurance readiness rating, and the specific controls that are missing or misconfigured.

3

Fix What Matters Most

Use your prioritized fix list to address the highest-impact gaps first. Free tools — IRP generator, policy builder, breach scanner — help you close each gap without needing a dedicated security team.

Upgrade to Full Report

Security Posture Report — $19

Want the full picture? The Security Posture Report gives you a complete written analysis of your assessment results, compliance mapping (HIPAA, SOC 2, NIST CSF), board-ready executive summary, and a detailed remediation roadmap — delivered as a PDF you can share with your team or MSP.

  • Complete PDF report with full assessment results
  • Compliance gap mapping — HIPAA, SOC 2, NIST CSF
  • Board-ready executive summary with risk narrative
  • Detailed remediation roadmap by priority
  • Insurance application-ready documentation
$19

one-time · instant PDF

Get the Full Report →

Common Questions

Frequently Asked Questions

The questions SMB owners and operators actually ask about cybersecurity assessments.

What is an SMB cybersecurity assessment?
An SMB cybersecurity assessment is a structured evaluation of a small or mid-size business's security posture across multiple domains — identity and access management, endpoint protection, network security, data security, and incident response readiness. CyberStackHub's free assessment covers 47 specific controls and produces an instant 0–100 score with a prioritized list of gaps to fix. The goal is to give SMBs a clear, objective picture of where they stand and what matters most to address first.
How long does the free cybersecurity assessment take?
Most users complete the assessment in 8–12 minutes. There are approximately 20 questions covering the 5 security domains. You answer at your own pace — there's no timer, no account required, and you can retake it anytime. Your progress is saved in localStorage so you can return mid-assessment if needed.
What does the SMB cybersecurity assessment cover?
The assessment covers 47 security controls across 5 domains: (1) Identity & Access Management — MFA enforcement, least-privilege access, service account hygiene. (2) Endpoint Security — EDR deployment, patch management, device encryption. (3) Network Security — firewall rules, VPN usage, segmentation. (4) Data Security — backup coverage, data classification, sensitive data exposure. (5) Incident Response — written IRP, tabletop testing, notification readiness. Each control is scored pass/fail and contributes to your overall 0–100 score.
What score do I need to qualify for cyber insurance?
There is no single minimum score that guarantees cyber insurance approval — each insurer sets its own criteria — but a score above 65 typically demonstrates baseline controls that most carriers look for (MFA, EDR, backups, IRP documentation). A score above 80 puts you in the best tier for preferred pricing. CyberStackHub's assessment includes an Insurance Readiness Score that maps your result to what underwriters typically look for, so you know exactly what to address before applying.
How accurate is the cyber risk score?
The score reflects your self-reported answers against established security frameworks (CIS Controls v8 and NIST CSF). It is accurate to the degree that your answers reflect your actual security posture — the assessment is designed to be honest, not inflated. The 47 controls are specific and concrete (e.g., "Is MFA enforced on all admin accounts?") rather than vague, which keeps scores grounded. For a more thorough validation, the $19 Security Posture Report includes evidence-based review and compliance mapping.
Can I retake the cybersecurity assessment?
Yes — you can retake the assessment as many times as you want, for free. There's no account required and no limit on attempts. Your progress is saved in localStorage so you can return to finish. Each completion generates a new score. Retaking is useful after implementing changes to see how your posture has improved, or to compare results across different times of year.
What happens after I complete the assessment?
Immediately after completing the assessment you receive: (1) An overall 0–100 CyberStackHub Score. (2) A domain-by-domain breakdown showing which of the 5 security areas are strongest and weakest. (3) An Insurance Readiness Score showing how your posture maps to common cyber insurance requirements. (4) A prioritized list of the specific controls that are missing or misconfigured, ordered by risk impact. You can then use the free tools (IRP generator, policy builder, breach scanner) to address gaps, or upgrade to the $19 Security Posture Report for a full PDF with compliance mapping and board-ready summary.
Is my data kept private?
The free assessment does not require an account — your answers are saved only in your browser's localStorage and are not transmitted to CyberStackHub's servers unless you explicitly create an account or purchase a report. The assessment tool does not collect email addresses, IP addresses, or any personally identifiable information. If you upgrade to the Security Posture Report ($19), your answers are stored securely to generate your PDF. CyberStackHub does not sell or share assessment data with third parties. See the Privacy Policy for full details.

See Where You Actually Stand

10 minutes. 47 controls. Your real security score. Start now — it's completely free and no sign-up is required.

Take Free Assessment → Download 42-Point Checklist