Before You Start
- A completed Cyber Defense Score scan from cyberdefenseagent.com
- Basic familiarity with email authentication concepts like SPF, DKIM, and DMARC
- Access to your IT team or service provider for implementing recommended changes
Understand the overall score and grade
Your Cyber Defense Score is a composite grade that reflects the overall security posture of your domain based on publicly observable configurations. The score aggregates results from multiple security categories into a single letter grade. An A grade indicates strong security configurations across all categories with only minor improvements possible. A B grade means most configurations are solid but there are meaningful gaps to address. A C grade indicates significant security gaps that should be remediated promptly. A D or F grade signals critical misconfigurations that leave your domain highly vulnerable to attack. The overall score is weighted, with email authentication and TLS configuration carrying the most weight because these are the most commonly exploited vectors for SMBs. Use the overall grade as a conversation starter with leadership but dive into the category details for actionable next steps.
Review the email authentication section
The email authentication section evaluates your SPF, DKIM, and DMARC configurations. For SPF, the scan checks whether a record exists, whether it is syntactically valid, whether it stays within the ten DNS lookup limit, and whether it ends with a restrictive qualifier like -all. For DKIM, the scan attempts to verify that DKIM signing is active by checking common selector names. For DMARC, the scan checks whether a record exists, what policy level it is set to, and whether aggregate reporting is configured. A DMARC policy of p=none provides monitoring only and is scored lower than p=quarantine or p=reject. The ideal state is having all three protocols configured and aligned, with DMARC at p=reject. If any of these three are missing or misconfigured, this section will show the specific failures and what the correct configuration should look like.
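The SPF and DMARC checks described above, sketched in Python as an added example (this is not Cyber Defense Score's own code). The sample records are constructed, and the lookup count is an assumption-limited simplification: it covers only the terms in the top-level record, whereas a full SPF evaluation also counts lookups made inside included records.

```python
import re

# Terms that trigger a DNS query during SPF evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def check_spf(record):
    """Findings for one SPF TXT record; counts top-level terms only."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record missing or does not start with v=spf1"]
    findings = []
    # Strip the qualifier, then cut at ':' '=' or '/' to get the mechanism name.
    names = [re.split(r"[:=/]", t.lstrip("+-~?"), maxsplit=1)[0].lower() for t in terms[1:]]
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceed the limit of 10")
    if terms[-1].lower() != "-all":
        findings.append(f"SPF: ends with '{terms[-1]}' instead of -all")
    return findings

def check_dmarc(record):
    """Findings for one DMARC TXT record (published at _dmarc.<domain>)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["DMARC: record missing or lacks v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none is monitoring only")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    if not tags.get("rua"):
        findings.append("DMARC: no rua= aggregate reporting address")
    return findings

# Constructed sample records (example domains, not taken from a real scan).
WEAK_SPF = "v=spf1 include:_spf.mail.example a mx ip4:192.0.2.0/24 ~all"
OVER_SPF = "v=spf1 " + " ".join(f"include:spf{i}.example" for i in range(11)) + " -all"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    print(check_spf(WEAK_SPF), check_spf(OVER_SPF))
    print(check_dmarc(WEAK_DMARC), check_dmarc(GOOD_DMARC))
```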
Review the web security and TLS section
The web security section examines your website TLS configuration and HTTP security headers. For TLS, the scan checks your certificate validity and expiration date, the protocol versions supported by your server, and the cipher suites offered. Supporting TLS 1.0 or 1.1 is flagged as a critical finding because these protocols have known vulnerabilities. The scan also checks for common TLS misconfigurations like missing certificate chain intermediates, expired certificates, and weak cipher suites. The HTTP security headers subsection checks for Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, and Permissions-Policy. Each missing header is reported with an explanation of what attack it mitigates and a recommended value to implement.
Review the DNS security section
The DNS section evaluates how well your domain name infrastructure is protected. It checks whether DNSSEC is enabled for your domain, which protects against DNS spoofing and cache poisoning attacks. It examines your nameserver configuration for redundancy and geographic distribution. It also checks for dangling DNS records that point to decommissioned services, which can be exploited through subdomain takeover attacks. If your domain has MX records, the scan verifies they point to valid mail servers. The DNS section may also flag if your domain is listed on any public blocklists that could affect email deliverability. While DNS findings are often lower severity than email or TLS issues, they represent foundational infrastructure that affects all other security layers.
Interpret severity levels and prioritize findings
Each finding in the report is assigned a severity level to help you prioritize. Critical findings represent immediate risks that could be actively exploited, such as a missing DMARC record that allows anyone to spoof your domain or an expired TLS certificate that exposes traffic to interception. High severity findings are significant gaps that should be addressed within days, such as supporting deprecated TLS versions or missing SPF records. Medium severity findings are important improvements that should be completed within weeks, such as tightening an SPF soft fail to a hard fail or adding missing security headers. Low severity findings are best-practice enhancements that improve your posture but do not represent immediate risk. Always address critical and high findings first and work your way down the severity list.
Create a remediation plan from the findings
Transform the scan results into a concrete action plan. For each finding, identify who on your team or which vendor is responsible for the fix. Group related findings together since email authentication fixes involving SPF, DKIM, and DMARC should be addressed as a coordinated effort rather than individually. Estimate the level of effort for each fix. Most email authentication fixes can be completed in under an hour if you have DNS access. TLS configuration changes may require coordination with your hosting provider. Security header additions typically require web server configuration changes. Set target dates for each fix and assign accountability. After completing each batch of fixes, re-run the Cyber Defense Score scan to verify improvement and update your baseline. Share the remediation plan with leadership to demonstrate your commitment to improving security posture.
Common Mistakes to Avoid
- Focusing only on the overall grade without reviewing the individual category findings
- Treating all findings as equal priority instead of addressing critical and high severity issues first
- Not re-scanning after implementing fixes to verify the changes were effective
- Ignoring the email authentication section because the website section looks good