Frequently Asked Questions

Everything you need to know about RateYourCyber assessments. No technical expertise required.

Getting Started

What is a cybersecurity assessment?

A cybersecurity assessment evaluates how well your organisation protects its data, systems, and people from security threats. RateYourCyber assessments measure your current security posture across multiple domains, compare you to industry benchmarks, and identify specific gaps to address.

Unlike traditional assessments that require expensive consultants, RateYourCyber assessments are designed to be completed by business leaders themselves - no technical background needed.

How long does the assessment take?

Assessment times vary by type:

  • Cybersecurity Maturity: ~45 minutes
  • Business Continuity: ~40 minutes
  • Physical Security: ~35 minutes
  • Data Privacy: ~40 minutes
  • HR Security: ~30 minutes

You can save progress and return later if needed.

Do I need technical knowledge to complete the assessment?

No. RateYourCyber assessments use plain English and are designed for business leaders, not IT specialists. Each question includes simple explanations of what we're asking and why it matters.

If you understand how your business operates, you can complete these assessments yourself.

Do I need to hire a cybersecurity professional?

No. RateYourCyber assessments are specifically designed so you don't need external consultants or in-house security experts to complete them.

Traditional security assessments cost between £15,000 and £50,000+ and require weeks of consultant time. RateYourCyber delivers the same strategic insights at a fraction of the cost, completed in minutes rather than weeks.

Of course, if you have IT staff or security professionals, they may provide helpful input - but they're not required.

What do I get at the end?

After completing an assessment, you receive:

  • Overall score out of 1,000 points with maturity level
  • Industry comparison showing how you compare to peers
  • Domain-by-domain breakdown identifying strengths and weaknesses
  • Specific recommendations prioritised by impact
  • Board-ready reports you can share with leadership
  • PDF export for documentation and compliance

Our Assessments

What assessments does RateYourCyber offer?

RateYourCyber offers five comprehensive assessments covering all aspects of organisational security:

Cybersecurity Maturity

8 domains • ~45 minutes

  • Security Leadership & Planning
  • User Access Control
  • Network Protection
  • Computer & Device Protection
  • Software & Information Protection
  • Security Education & Culture
  • Security Monitoring & Response
  • Partner & Vendor Security

Business Continuity

8 domains • ~40 minutes

  • BC Governance & Strategy
  • Business Impact Analysis
  • Crisis Management & Communications
  • Business Continuity Planning
  • IT Disaster Recovery
  • Supply Chain & Third Party
  • Workforce Continuity
  • Testing, Training & Improvement

Physical Security

7 domains • ~35 minutes

  • Perimeter & Access Control
  • Data Center Security
  • Equipment & Asset Protection
  • Environmental Controls
  • Workplace Security
  • Third-Party Facilities
  • Monitoring & Response

Data Privacy

8 domains • ~40 minutes

  • Data Governance
  • Rights Management
  • Processing Controls
  • Security Measures
  • Breach Management
  • Third Party Management
  • Training & Awareness
  • Documentation & Records

HR Security

6 domains • ~30 minutes

  • Pre-Employment Security
  • Employment Agreements
  • Access Management
  • Security Training
  • Offboarding
  • Insider Threat

Understanding Your Results

What does my score mean?

Your score is out of 1,000 points and indicates your security maturity level:

  • 0-199 (Level 1 - Initial): Ad-hoc security practices, significant gaps
  • 200-399 (Level 2 - Developing): Some controls in place, inconsistent application
  • 400-599 (Level 3 - Defined): Documented policies and procedures, room for improvement
  • 600-799 (Level 4 - Managed): Consistent security practices, proactive approach
  • 800-1000 (Level 5 - Optimised): Industry-leading security posture

How do I compare to my industry?

RateYourCyber compares your scores against industry benchmarks for your sector. We maintain benchmark data for Technology, Finance, Healthcare, Retail, Manufacturing, Education, Aerospace, and Non-profit sectors.

Your results show whether you're above or below average for each domain, helping you understand where you stand relative to peers.

Which areas should I prioritise?

Your results highlight domains where you score below industry average - these are your priority areas. We also identify "quick wins" - improvements that are relatively easy to implement but have significant impact.

Focus on closing gaps in critical areas first, then work toward optimisation.

Platform & Pricing

Is the free assessment really free?

Yes. The free assessment gives you a genuine evaluation of your cybersecurity posture with real scores and recommendations. No credit card required, no hidden catches.

The paid plans add additional assessments, detailed reports, industry benchmarking, and ongoing features.

Can I reassess after making improvements?

Absolutely. We recommend reassessing quarterly or after significant changes to your security posture. This lets you track progress and demonstrate improvement to stakeholders.

Security & Privacy

Is my assessment data secure?

Yes. We practise what we preach. Your data is encrypted in transit and at rest, access is strictly controlled, and we never share individual assessment data with third parties.

Are you GDPR compliant?

Yes. RateYourCyber is fully GDPR compliant. We only collect data necessary to provide the service, you can export or delete your data at any time, and we maintain appropriate technical and organisational measures.

Taking Action

How do I improve my score?

Your assessment results include specific recommendations for each domain. Start with areas where you score below industry average, focus on quick wins first, then work on more complex improvements.

Many improvements don't require significant investment - they're about implementing proper processes and documentation.

Can I share results with my board?

Yes. RateYourCyber generates board-ready reports that communicate security posture in business terms. You can export PDFs, share links, and present findings without needing to translate technical jargon.

How often should I reassess?

We recommend quarterly assessments to track progress and catch emerging gaps. You should also reassess after:

  • Major system or infrastructure changes
  • Significant business changes (acquisitions, new products)
  • Security incidents
  • Regulatory changes affecting your sector
