How-To Guide

How to Run a Cyber Defense Score Scan

Learn how to use Cyber Defense Agent to scan your domain, understand what the scan evaluates, and take your first steps toward improving your security posture.

Farhad Mirza Khawar

Founder of HIPAA Agent and Cyber Defense Agent. Compliance infrastructure for SMBs. Sacramento, CA.

2026-05-01

Before You Start

  • Your organization's primary domain name
  • Access to the Cyber Defense Agent website at cyberdefenseagent.com
  • Authority or permission to assess your organization's security posture

1. Navigate to Cyber Defense Agent and enter your domain

Open your browser and go to cyberdefenseagent.com. On the homepage, you will find the domain scan input field prominently displayed. Enter your primary business domain in the format yourdomain.com without any prefixes like http or www. Use your main business domain, not a subdomain. If your organization uses multiple domains, start with the primary domain that handles your main email and website traffic. Click the scan button to initiate the assessment. The scan is non-intrusive and examines only publicly available information about your domain configuration, so it does not require any credentials or access to your internal systems. The scan typically completes within sixty seconds.

2. Wait for the scan to complete and review your score

The Cyber Defense Agent scan evaluates multiple dimensions of your domain security configuration. It checks your email authentication records including SPF, DKIM, and DMARC. It examines your web server TLS and SSL configuration. It looks at your DNS security settings including DNSSEC. It checks for known vulnerabilities in your web server headers and verifies security headers like Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security. Once complete, you receive a Cyber Defense Score that represents your overall security posture on a graded scale. The score provides an at-a-glance view of how well your domain is configured against common attack vectors and how you compare to industry benchmarks.

3. Review individual category scores

Below your overall Cyber Defense Score, the report breaks down your results into specific categories. Each category shows whether you passed or failed specific checks and provides context about why each check matters. The email security section covers SPF record validity, DKIM configuration, and DMARC policy strength. The web security section covers TLS certificate validity, protocol versions, cipher suite strength, and HTTP security headers. Review each category to understand where your strengths and weaknesses are. Pay particular attention to any critical findings marked with high severity, as these represent the most immediate risks to your organization. The scan results are prioritized to help you focus your remediation efforts on the issues that matter most.

4. Export or save your scan results

Save your scan results for documentation and tracking purposes. Cyber Defense Agent allows you to bookmark or share your results URL. Take note of your current score as a baseline that you will use to measure improvement over time. If you are working with a managed service provider or internal IT team, share the results link with them so they can see the specific findings and prioritize remediation. If you need to present the results to leadership or a board of directors, the summary score provides an easy-to-understand metric that communicates your security posture without requiring technical expertise. Consider running the scan monthly to track your progress as you implement the recommended improvements.

5. Prioritize remediation based on scan findings

Use the scan results to create a prioritized remediation plan. Start with critical and high-severity findings, as these typically represent the easiest wins with the biggest security impact. Common high-priority fixes include adding a missing DMARC record, upgrading from TLS 1.0 or 1.1 to TLS 1.2 or higher, and adding security headers to your web server. Medium-priority items might include tightening an existing SPF record from soft fail to hard fail or adding DNSSEC to your domain. Low-priority items are often enhancements to already-functional configurations. Create a timeline for addressing each finding with assigned owners and target completion dates. After completing each fix, re-run the scan to verify the improvement is reflected in your updated score.
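The triage order described in this step, as an added example that is not Cyber Defense Agent's own code or scoring: it takes DNS TXT records, HTTPS response headers, and a negotiated TLS version you have already collected and sorts the findings into the high and medium tiers named above. The function names, the sample data for the placeholder domain example.com, and the treatment of `p=none` and of duplicate SPF records are assumptions.

```python
# Added example: severity tiers follow step 5 of this guide, not the scanner's scoring.
REQUIRED_HEADERS = ("content-security-policy", "x-frame-options",
                    "strict-transport-security")
OLD_TLS = {"TLSv1", "TLSv1.1"}  # strings as returned by ssl.SSLSocket.version()

def dmarc_tags(record):
    """Split 'v=DMARC1; p=none; rua=...' into a tag dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def triage(domain_txt, dmarc_txt, headers, tls_version):
    """Return (severity, finding) tuples, high before medium.
    domain_txt: TXT strings at the domain; dmarc_txt: TXT strings at _dmarc.<domain>;
    headers: HTTPS response headers; tls_version: negotiated protocol version.
    """
    findings = []
    spf = [r for r in domain_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: no record means no SPF policy, more than one is a permerror.
        findings.append(("high", f"SPF: expected 1 v=spf1 record, found {len(spf)}"))
    else:
        terms = spf[0].lower().split()
        if "~all" in terms:
            findings.append(("medium", "SPF ends in ~all (soft fail), tighten to -all"))
        elif "-all" not in terms and not any(t.startswith("redirect=") for t in terms):
            # Records that delegate with redirect= are not followed here.
            findings.append(("medium", "SPF has no -all (hard fail) terminator"))
    dmarc = [r for r in dmarc_txt if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append(("high", "DMARC record missing"))
    elif dmarc_tags(dmarc[0]).get("p", "none").lower() == "none":
        # Assumption: p=none (monitor only) is treated as a medium finding.
        findings.append(("medium", "DMARC policy is p=none"))
    present = {name.lower() for name in headers}  # header names are case-insensitive
    for name in REQUIRED_HEADERS:
        if name not in present:
            findings.append(("high", f"Missing security header: {name}"))
    if tls_version in OLD_TLS:
        findings.append(("high", f"{tls_version} negotiated, require TLS 1.2 or higher"))
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: order[f[0]])  # stable within a tier

# Constructed sample data for a placeholder domain (example.com).
SAMPLE = triage(
    domain_txt=["v=spf1 include:_spf.example.com ~all", "site-verification=abc123"],
    dmarc_txt=[],
    headers={"Strict-Transport-Security": "max-age=31536000", "Server": "nginx"},
    tls_version="TLSv1.1",
)
```

Running the same function before and after a fix gives a local check to compare against the re-scan.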

6. Schedule recurring scans to track progress

Security is not a one-time activity. Schedule a recurring scan of your domain at least monthly to catch configuration drift, certificate expirations, or new vulnerabilities that appear. Use Cyber Defense Agent monitoring features to receive alerts when your security posture changes. Track your Cyber Defense Score over time to demonstrate continuous improvement to stakeholders, auditors, and cyber insurance carriers. If your score drops, investigate what changed and remediate promptly. Consider scanning all domains owned by your organization, not just the primary one, as attackers often target secondary or forgotten domains. Make the monthly scan part of your IT operations checklist alongside other recurring tasks like patch management and backup verification.

Common Mistakes to Avoid

  • Scanning a subdomain instead of the primary domain and getting incomplete results
  • Running the scan once and never following up on the findings or re-scanning after fixes
  • Ignoring medium and low severity findings that collectively weaken your security posture
  • Not sharing scan results with the team responsible for implementing fixes
