Cyvatar Risk Scorecard · 14 Risk Areas

What Can Hackers See
From the Outside?

We score your external risk across 14 areas using only publicly available data — no access to your systems required. Includes a partial OWASP Top 10 map: 2 categories fully covered, 3 partially, 5 require authenticated testing (we flag which is which).

Advanced (optional): custom DKIM selector

If left blank, we automatically probe 18+ common DKIM selectors (default, google, selector1, selector2, s1, s2, k1, k2, mail, smtp, protonmail, zoho, etc.).

Running 14 Risk Area checks. This takes 45–90 seconds.

--
--/10
Cyvatar Risk Scorecard

Your external risk posture

This is what attackers see when they research your company from the outside — no tools, no access, just public information.

SMB Baseline (est.) 7.4 Estimate pending live sample

This Is How Attacks Start — Not How They End.

What you're seeing is your external exposure — the entry points attackers use to get in.

But breaches don't happen here.

They happen after access is gained:

This shows how they get in.
It doesn't show what happens next.

Am I Actually At Risk?

We'll prioritize what matters, what doesn't, and what to fix first.

Get a prioritized view of what actually matters — and what attackers would target first.

By submitting, you agree to be contacted by a Cyvatar vCISO about your results. We don't share your data. Privacy Policy
— or —
Prefer to walk through this with an expert? Talk to a vCISO (15 min) →

Want help interpreting this?

15 minutes with a Cyvatar vCISO. We'll walk through your results, prioritize the fixes, and give you a concrete next step. No sales pitch.

Book a 15-min Review →
Am I Actually At Risk? Get My Analysis →