What is the Cyber Defense Score™?

The Cyber Defense Score™ is an A–F letter grade plus a 0–100 numerical score produced by a 100-tool external attack surface scan. It shows you exactly what cyber insurance underwriters see when they assess your business. It is mapped to NIST CSF 2.0, CIS Controls, SOC 2, NIST 800-171, FTC Safeguards Rule, and PCI-DSS readiness.

How does Cyber Defense Agent help with cyber insurance?

Cyber Defense Agent runs the same external scans that cyber insurance underwriters use to assess your risk. By scanning first, you can identify and fix gaps (missing MFA, DMARC, open ports, SSL issues) BEFORE your renewal or new application. This helps you avoid denials, reduce premiums, and pass underwriting on the first attempt.

What do cyber insurance underwriters scan for?

Underwriters typically scan for: MFA enforcement across all remote access, DMARC/SPF/DKIM email authentication, open RDP ports (3389), SSL/TLS configuration, known vulnerabilities in public-facing services, DNS security, and evidence of endpoint detection (EDR). Cyber Defense Agent checks all of these in 60 seconds.

Can Cyber Defense Agent help me lower my cyber insurance premium?

Yes. Carriers offer premium discounts of 10–25% for businesses that demonstrate strong security posture. By fixing the gaps Cyber Defense Agent identifies and presenting your Cyber Defense Score™ and trust page to your broker, you provide concrete evidence of risk reduction that carriers reward with lower premiums.

Why was my cyber insurance application denied?

The most common denial reasons are: no MFA on email and remote access (41% of denials), missing DMARC email authentication, open RDP ports, no EDR/endpoint protection, and no incident response plan. Cyber Defense Agent scans for all of these and shows you exactly what to fix before reapplying.

How long does a Cyber Defense Agent scan take?

A full 100-tool external attack surface scan completes in approximately 60 seconds. No software installation, no questionnaires, and no credit card is required to get started. You see the same view of your attack surface that underwriters see.

What frameworks does Cyber Defense Agent map to?

Cyber Defense Agent maps scan results to NIST CSF 2.0, CIS Controls, SOC 2, NIST 800-171, FTC Safeguards Rule, and PCI-DSS readiness. These are the same frameworks cyber insurance carriers reference in their underwriting guidelines.

How much does Cyber Defense Agent cost?

Essentials starts at $149/mo ($1,490/yr). Pro is $349/mo ($3,490/yr) and includes internal scanning, SOC 2 readiness, and full MCP toolset. Enterprise is $999/mo ($9,990/yr) with daily scans, custom framework mapping, and a dedicated AI agent instance. MSP partners pay $79/business/mo with a 25-business minimum. The free scan is always free.

How do I prepare for cyber insurance renewal?

Start 60–90 days before renewal. Run a Cyber Defense Agent scan to identify gaps. Fix critical items: enforce MFA everywhere, deploy DMARC, close open ports, update EDR. Re-scan to verify improvements. Present your Cyber Defense Score™ and trust page to your broker as evidence of improved posture. This positions you for renewal without premium increases or coverage reductions.

What is a trust page?

A trust page is a public cybersecurity posture page hosted at trust.cyberdefenseagent.ai/{your-slug}. It displays your Cyber Defense Score™, framework compliance status, and last scan date. Brokers, underwriters, and business partners can verify your security posture in 60 seconds instead of reviewing 30-page questionnaires.

Definitive Guide

Incident Response Plan Template for Small Businesses

Every compliance framework and cyber insurer requires an incident response plan. Here's a practical template built for SMBs, not Fortune 500s.

Farhad Mirza Khawar

Founder of HIPAA Agent and Cyber Defense Agent. Compliance infrastructure for SMBs. Sacramento, CA.

2026-05-01

Get My Cyber Defense Score™ →Book a 30-min review

In this guide

1. Why you need an incident response plan
2. IRP template sections
3. Testing your incident response plan

Why you need an incident response plan

An incident response plan (IRP) is a written document that defines how your business will detect, respond to, contain, and recover from cybersecurity incidents. Every major compliance framework requires one: - FTC Safeguards Rule: Mandatory written IRP - NIST CSF: Respond and Recover functions - SOC 2: Incident management criteria - HIPAA: Required by the Security Rule - SEC Cybersecurity Rule: Incident disclosure requirements - Cyber insurance: Required by virtually all carriers Without an IRP, you're making critical decisions under extreme stress with no playbook. The average breach costs 33% more for organizations without an IRP.

IRP template sections

1. Purpose and scope — Define what constitutes a "security incident" for your organization. Cover data breaches, ransomware, BEC, unauthorized access, and system compromises. 2. Incident response team — Name the people responsible: Incident Commander (usually owner/partner), IT Lead, Legal Counsel, Communications Lead, and Insurance Contact. 3. Detection and analysis — How will you detect incidents? Define monitoring tools, alert thresholds, and initial assessment procedures. Cyber Defense Agent's continuous scanning is part of your detection capability. 4. Containment — Immediate steps to stop the incident from spreading: isolate affected systems, disable compromised accounts, block malicious IPs. 5. Eradication and recovery — Remove the threat, restore from backups, verify system integrity, and return to normal operations. 6. Notification requirements — Legal obligations: state breach notification laws (30-90 days), federal requirements (HIPAA 60 days, SEC prompt), client notification, insurance carrier notification, law enforcement referral. 7. Post-incident review — Document lessons learned, update the IRP, remediate root causes, and run a follow-up Cyber Defense Agent scan to verify. 8. Testing schedule — Test your IRP at least annually through tabletop exercises. Document test results.

Testing your incident response plan

An untested IRP is almost as bad as no IRP. Test annually: Tabletop exercise — Walk through a realistic scenario (e.g., ransomware attack) with your incident response team. Discuss decisions, identify gaps, and update the plan. Scenarios to test: - Ransomware encrypting critical systems - Business email compromise with wire fraud attempt - Employee credential compromise - Vendor/supply chain breach - Insider threat/data exfiltration Document the exercise: date, participants, scenario, decisions made, gaps identified, and remediation actions taken.

Key Takeaways

TL;DR

Every compliance framework and cyber insurer requires a written incident response plan.

Your IRP should cover detection, containment, eradication, recovery, and notification.

Name specific people for each role — not just job titles.

Test your plan annually through tabletop exercises.

Organizations with IRPs reduce breach costs by 33%.

Official Sources

NIST SP 800-61 (Computer Security Incident Handling Guide)CISA Incident Response Playbooks

FAQ

Frequently asked questions

How long should an incident response plan be?

For an SMB, a practical IRP is 10-20 pages. Focus on actionable steps, contact information, and clear decision trees. Avoid hundred-page enterprise templates that no one will read during an actual incident.

Who should own the incident response plan?

The business owner or managing partner should own the plan (as Incident Commander), with the Qualified Individual (for FTC compliance) or IT lead responsible for maintaining and testing it. The plan should name specific individuals, not just roles.

How often should we test our IRP?

At minimum, annually. Best practice is semi-annual tabletop exercises. Test after any significant change to your IT environment, and after any actual incident. Document all tests for compliance evidence.

Related Guides

Continue reading

MFA Enforcement: The Complete Guide EDR for Small Businesses: Complete Guide Building a Patch Management Policy

Get your Cyber Defense Score™ in 60 seconds.

100 tools. No installation. No credit card. Real evidence.

Get My Cyber Defense Score™ →Book a 30-min review with Farhad