Definitive Guide

The 3-2-1 Backup Strategy for Small Businesses

Backups are your last line of defense against ransomware. The 3-2-1 strategy — 3 copies, 2 media types, 1 offsite — ensures you can recover when everything else fails.


Farhad Mirza Khawar

Founder of HIPAA Agent and Cyber Defense Agent. Compliance infrastructure for SMBs. Sacramento, CA.

2026-05-01

The 3-2-1 rule explained

The 3-2-1 backup strategy is the gold standard for data protection and is required or recommended by every major compliance framework and cyber insurance carrier:

- 3 copies of your data — The original plus two backup copies. This protects against any single point of failure destroying your data.
- 2 different media types — Store backups on at least two different types of storage (e.g., local NAS/server + cloud storage, or local disk + tape). Different media types protect against media-specific failures.
- 1 offsite copy — At least one backup must be stored offsite (cloud storage, a remote datacenter, or physically transported media). This protects against site-level disasters: fire, flood, theft, or ransomware that spreads across your local network.

Modern update — 3-2-1-1-0: The updated version adds 1 immutable (unchangeable) copy and 0 errors in backup verification testing. Immutable backups are the critical addition for ransomware resilience.

Immutable backups and ransomware resilience

Modern ransomware specifically targets backups. Attackers know that if they can encrypt or delete your backups, you have no choice but to pay the ransom. This is why immutable backups are now essential.

Immutable backups cannot be modified, encrypted, or deleted — even by administrators — for a defined retention period. Once written, the data is locked.

Implementation options:

- Cloud storage with object lock (AWS S3 Object Lock, Azure Immutable Blob Storage, Wasabi Object Lock)
- Backup solutions with immutability (Veeam with hardened repository, Datto, Acronis)
- Air-gapped backups (physically disconnected storage that ransomware cannot reach)

Key principles for ransomware resilience:

1. At least one backup copy must be immutable or air-gapped
2. Backup credentials must be separate from your primary domain (if Active Directory is compromised, backup access shouldn't be)
3. Backup admin accounts should have MFA and be separate from daily-use accounts
4. Monitor backup jobs — ransomware sometimes corrupts backups silently over weeks before deploying encryption

Cyber insurance carriers increasingly ask specifically about immutable or air-gapped backups. Having them can positively impact your premium and coverage terms.
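To make the 3-2-1-1-0 rule and the "immutable or air-gapped" principle above concrete, here is an added example (not code from the article or from any of the products it names) that evaluates a backup inventory against each element of the rule. The inventory, media names and dates are constructed; the one subtlety it shows is that an object-lock copy only counts as the immutable "1" while its retention is still in force, and "0 errors" only counts if every backup copy was verified recently and cleanly.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Copy:
    """One copy of a data set. The live production copy is included so that
    the '3 copies' count matches the rule: original plus two backups."""
    name: str
    media: str                                # storage type: "server-ssd", "nas", "s3-object-lock", "lto-tape"
    primary: bool = False                     # True for the live production copy
    offsite: bool = False
    air_gapped: bool = False                  # physically disconnected outside the backup window
    locked_until: Optional[datetime] = None   # end of object-lock / immutability retention, if any
    verified_at: Optional[datetime] = None    # last verification or test-restore run
    verify_errors: int = 0                    # errors reported by that run


def is_ransomware_resilient(c: Copy, now: datetime) -> bool:
    """The '1 immutable' copy must be one that malware running today cannot
    alter: air-gapped, or locked with retention still in force. A lock that
    has already expired no longer counts."""
    if c.primary:
        return False
    if c.air_gapped:
        return True
    return c.locked_until is not None and c.locked_until > now


def evaluate_3_2_1_1_0(copies: List[Copy], now: datetime,
                       max_verify_age: timedelta = timedelta(days=31)) -> Dict[str, bool]:
    """Return one True/False finding per element of the 3-2-1-1-0 rule."""
    backups = [c for c in copies if not c.primary]
    return {
        "3_copies": len(copies) >= 3,
        "2_media": len({c.media for c in copies}) >= 2,
        "1_offsite": any(c.offsite for c in backups),
        "1_immutable": any(is_ransomware_resilient(c, now) for c in backups),
        # '0 errors' is only meaningful if every backup copy was verified
        # recently (the article's monthly cadence) and that run was clean.
        "0_errors": bool(backups) and all(
            c.verified_at is not None
            and now - c.verified_at <= max_verify_age
            and c.verify_errors == 0
            for c in backups
        ),
    }


def failures(findings: Dict[str, bool]) -> List[str]:
    """Names of the rule elements that are not met, in 3-2-1-1-0 order."""
    return [rule for rule, ok in findings.items() if not ok]


# Constructed sample inventories (hypothetical small-business setup).
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
D = timedelta(days=1)

GOOD = [
    Copy("file-server", media="server-ssd", primary=True),
    Copy("onsite-nas", media="nas", verified_at=NOW - 5 * D),
    Copy("cloud-bucket", media="s3-object-lock", offsite=True,
         locked_until=NOW + 90 * D, verified_at=NOW - 10 * D),
]

# Same layout, but the object-lock retention lapsed yesterday and the NAS copy
# has not been verified in two months.
STALE = [
    Copy("file-server", media="server-ssd", primary=True),
    Copy("onsite-nas", media="nas", verified_at=NOW - 60 * D),
    Copy("cloud-bucket", media="s3-object-lock", offsite=True,
         locked_until=NOW - 1 * D, verified_at=NOW - 10 * D),
]

if __name__ == "__main__":
    for label, inv in (("GOOD", GOOD), ("STALE", STALE)):
        print(label, failures(evaluate_3_2_1_1_0(inv, NOW)) or "meets 3-2-1-1-0")
```

Running it prints that GOOD meets the rule while STALE fails on "1_immutable" and "0_errors", which is exactly the silent drift (expired retention, lapsed verification) the monitoring principle above is meant to catch. A real script would populate the Copy records from your backup tool's job reports and the cloud provider's retention settings rather than from literals.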

Backup testing and recovery verification

A backup you've never tested is a backup you can't trust. Regularly test your backups to ensure they actually work when you need them:

Monthly: Verify backup job completion and check for errors. Review backup logs. Confirm all critical systems and data are being backed up.

Quarterly: Perform a test restore of individual files and folders. Verify data integrity by opening restored files. Time the restoration process.

Annually: Perform a full disaster recovery test. Restore an entire system or server from backup. Document recovery time (RTO) and verify it meets your business requirements. Test your documented recovery procedures.

What to back up (at minimum):

- All business-critical data (client files, financial records, email)
- System configurations and application settings
- Active Directory / identity provider configuration
- Security tool configurations and policies
- Compliance documentation and evidence

Document your backup schedule, retention periods, responsible personnel, and test results. This documentation is required by most compliance frameworks and cyber insurance carriers.
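"Verify data integrity by opening restored files" scales poorly past a handful of files. The added example below (not the article's own tooling) shows the usual way to make the quarterly test restore objective: record a manifest of file sizes and SHA-256 hashes at backup time, then compare the restored tree against it. The sample files, the one-byte corruption and the missing file are all constructed inside a temporary directory so the script runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Stream the file so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, Dict]:
    """Taken at backup time: relative path -> size and SHA-256 of every file."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): {"size": p.stat().st_size, "sha256": sha256_file(p)}
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(manifest: Dict[str, Dict], restored_root: Path) -> List[Tuple[str, str]]:
    """Compare a restored tree against the manifest. Returns (path, problem) pairs;
    an empty list is the '0 errors' that 3-2-1-1-0 asks for."""
    restored_root = Path(restored_root)
    problems = []
    for rel, expected in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            problems.append((rel, "missing"))
        elif p.stat().st_size != expected["size"]:
            problems.append((rel, "size mismatch"))
        elif sha256_file(p) != expected["sha256"]:
            problems.append((rel, "hash mismatch"))   # same size, different bytes
    present = {p.relative_to(restored_root).as_posix()
               for p in restored_root.rglob("*") if p.is_file()}
    for rel in present - set(manifest):
        problems.append((rel, "not in manifest"))
    return sorted(problems)


def demo() -> Dict[str, object]:
    """Constructed end-to-end run in a temp dir: build a source tree, manifest it,
    then check a 'restore' where one file was silently altered and one is missing."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "source")
        (src / "finance").mkdir(parents=True)
        (src / "clients.csv").write_text("id,name\n1,Acme\n")
        (src / "finance" / "ledger.txt").write_text("2026-04 balance 1000\n")
        (src / "notes.txt").write_text("backup me\n")

        manifest_json = json.dumps(build_manifest(src), indent=2)  # store this beside the backup
        manifest = json.loads(manifest_json)

        restored = Path(tmp, "restored")
        (restored / "finance").mkdir(parents=True)
        (restored / "clients.csv").write_text("id,name\n1,Acme\n")                  # intact
        (restored / "finance" / "ledger.txt").write_text("2026-04 balance 1001\n")  # same size, one byte changed
        # notes.txt deliberately not restored

        return {
            "files": len(manifest),
            "source_check": verify_restore(manifest, src),        # source against itself: clean
            "restore_check": verify_restore(manifest, restored),
        }


if __name__ == "__main__":
    result = demo()
    print(f"{result['files']} files in manifest")
    for path, problem in result["restore_check"]:
        print(f"  {problem}: {path}")
```

The size check alone would have passed the altered ledger file; only the hash catches it, which is the kind of quiet corruption the "monitor backup jobs" principle warns about. Keep the manifest with the backup copy (ideally on the immutable one) and record the verification result with the date and person responsible as part of the test documentation described above.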

Key Takeaways


3-2-1 means 3 copies, 2 media types, 1 offsite — the minimum viable backup strategy.

Immutable backups are now essential — ransomware specifically targets and deletes backups.

Backup credentials must be separate from your primary domain to survive Active Directory compromise.

Test backups regularly: monthly verification, quarterly test restores, annual full DR test.

Cyber insurance carriers ask about backup strategy, immutability, and testing frequency.


Frequently asked questions

What are immutable backups?

Immutable backups are backup copies that cannot be modified, encrypted, or deleted for a defined retention period — not even by administrators. They are implemented using cloud object lock (AWS S3, Azure, Wasabi), specialized backup solutions (Veeam, Datto), or air-gapped storage. They are the primary defense against ransomware that targets backups.

How often should backups be tested?

Monthly: verify backup job completion. Quarterly: perform test restores of individual files. Annually: full disaster recovery test including system restore. Document all test results — cyber insurers and compliance auditors require evidence of backup testing.

Do cyber insurers require specific backup practices?

Yes. Most carriers ask about backup frequency, offsite/cloud storage, immutability or air-gapping, backup testing, and whether backup credentials are separate from your primary domain. Strong backup practices can reduce premiums, while poor practices may result in coverage exclusions.

What is the difference between air-gapped and immutable backups?

Air-gapped backups are physically disconnected from the network, making them unreachable by ransomware. Immutable backups are stored on connected storage but locked against modification. Both achieve the same goal — ransomware can't destroy them. Many organizations use both: immutable cloud backups for convenience and air-gapped media for maximum protection.
