SMB Security Assessment

The security baseline cyber insurers actually ask for — without a six-figure consulting engagement.

A free 12-question self-assessment. It covers access management, data classification, backup and recovery, and patching. With it comes a practical toolkit: policies, Word templates, Excel workbooks, training decks, and tabletop exercises. The assessment runs in your browser. Your answers never leave your device.

Take the free assessment See the toolkit tiers
Pick a tier

Three tiers — one for solo operators, one for small businesses, one for consultants.

Solo
$49one-time
Freelancers, independent consultants, one-person LLCs
  • 8-question Solo self-assessment
  • Personal multi-factor authentication setup guide
  • Personal backup setup guide
  • Account-compromise recovery playbook
  • Solo Identity and Access Management playbook
  • Phishing and scam recognition card
Buy Solo — $49
SMB Most popular
$99one-time
Small businesses, 2–50 employees
  • 12-question SMB self-assessment
  • 11 toolkit guides (~160 pages) including the four category toolkits
  • 16 working Word templates: policies, incident-response notes, and an offboarding checklist
  • 5 Excel workbooks: asset inventory, risk register, and vendor risk scoring
  • 6 Security Awareness training slide decks
  • 6 facilitated tabletop exercises
Buy SMB — $99
Pro Consultant
$299one-time
For consultants, managed service providers, and fractional security chiefs.
  • Everything in SMB
  • Consultant pack: contract, statement-of-work, engagement-letter, and NDA templates
  • Executive Findings Report template and Annual Risk Assessment template
  • Branded findings deck and quarterly board-reporting deck
  • Multi-client tracking dashboard
  • Pricing & Packaging Guide and 1-Day Assessment playbook
  • Reseller / white-label terms
Buy Pro Consultant — $299
How it works

Two paths into the toolkit.

1. Take the free assessment

12 questions across four security areas. About five minutes. Returns a category-by-category snapshot of where your business is exposed. Runs in your browser — no email required, no data transmitted.

Take the free assessment →

2. Read the free 5-fixes guide

"Your First 5 High-Impact Security Fixes" walks through the actions that address the most common attacks on small businesses, in the right order, with time estimates. Three minutes to read.

Read the free 5-fixes guide →

Your assessment data never leaves your device.

The free SMB Security self-assessment scores you in the browser. There is no server that sees your answers. We collect your email address only if you choose to enter it for the First 5 Security Fixes guide. Nothing else.

Our website uses Cloudflare's server-side traffic analytics for aggregate page counts — no JavaScript injection, no cookies, no identifiable data.

Related toolkits
GDPR Compliance

GDPR Checklist

If your business handles any European customer data, the GDPR Checklist covers the privacy-compliance side that the security assessment does not.

See the GDPR Checklist →
 Product Security

PSIRT Response

Do you ship a software product, not just run internal systems? PSIRT Response covers handling vulnerability reports from researchers.

See PSIRT Response →