UK-NATIVE • CYBER ESSENTIALS • ISO 27001

Continuous Cyber Risk Management, Made Cympl.

Stop relying on static PDF reports and spreadsheets. Cympl gives your organisation a live, measurable view of its security posture — mapped against the frameworks that matter.

Get an Assessment See How It Works
£50/mo STARTING PRICE
45min FIRST ASSESSMENT
4 live UK FRAMEWORKS
SCROLL
— The Problem

Cyber risk shouldn't be
a guessing game.

Most UK SMEs have no clear picture of their security posture. Annual audits go stale within weeks. Supplier risk is tracked in spreadsheets. Board-level reporting is manual, inconsistent, and always late.

43%

of UK businesses reported a cyber breach in the last 12 months

£4,200

average cost of a cyber breach to a small UK business

72%

of SMEs lack a formal supplier risk assessment process

1 in 5

businesses have no incident response plan in place

Get a free posture check →

Takes ~4 minutes · No account required

— Capabilities

Everything you need to
manage cyber risk.

From baseline compliance to attack-surface monitoring and supply-chain risk — one platform, no consultants, no agents to install.

Core

Cyber Fundamentals Assessment

Structured self-assessment aligned to Cyber Essentials and IASME Cyber Assurance. 94 guided questions across 10 categories — live posture scoring with prioritised remediation actions. Mapped to CE, ISO 27002, UK GDPR, and CIS Controls v8.

Explore Core plan →
Pro

Third-Party Risk Management

Assess and monitor supplier security at scale. Automated questionnaires, A–F risk grades, DMARC and domain reputation checks — all in one view.

See Pro plan →
Advanced

External Attack Surface Monitoring

Discover what attackers can see. Continuous scanning identifies exposed subdomains, open ports, TLS misconfigs, and known vulnerabilities across your public-facing infrastructure.

See Advanced plan →
Pro

Framework Mapping

See exactly where you stand against CE, ISO 27002, UK GDPR, and CIS Controls — with exportable evidence for audits.

Pro

Policy Tools

Production-ready templates aligned to ISO 27001:2022. Built-in framework guidance, version control, and approval workflows.

Pro

Endpoint Audit

66+ hardening checks against CIS benchmarks. Results map to Cyber Essentials and MITRE ATT&CK — with GPO, Registry, and Intune remediation paths.

Coming Soon

Breach & Dark Web

Monitor domains against breach databases and infostealer logs. Exposed credentials surfaced directly in your posture dashboard.

— The Platform

See your posture
in real time.

Live scoring across every framework. Drill into any control, any supplier, any asset. Export board-ready reports in one click.

  • Live posture across CE, ISO 27002, UK GDPR, CIS v8
  • Supplier A–F grading with DMARC and SSL validation
  • External attack-surface scans, continuously refreshed
  • Board-ready PDF exports — one click
app.cympl.cloud / suppliers
LIVE
THIRD-PARTY RISK
Supplier Risk
12 suppliers
9
LOW RISK
2
MEDIUM
1
HIGH RISK
RISK BREAKDOWN
DMARC passing
75%
SSL valid
92%
app.cympl.cloud / posture
LIVE
CYBER FUNDAMENTALS
Posture Score
+12 this month
78%
OVERALL
94
CONTROLS
7
GAPS
CATEGORY BREAKDOWN
Access Control
88%
Patch Management
72%
Malware Protection
65%
Firewalls
91%
Secure Config
77%
— Process

From zero to measured
in under an hour.

No agents to install, no consultants required. Get from zero to a clear, measurable security posture in your first session.

01
01
We create your tenant

Invite your team. Multi-tenancy and role-based access are built in from day one — your data is isolated from every other organisation on the platform.

02
02
Complete your Cyber Fundamentals Assessment

Answer guided questions across the five Cyber Essentials control areas. Plain English, structured, and takes most organisations 30–45 minutes.

03
03
Review your posture score and gap analysis

Cympl calculates your score across each category and highlights gaps against your chosen frameworks. Drill into technical detail or view the board-level summary.

04
04
Assess your supply chain

Add suppliers, send automated assessments, and get A–F risk grades back — including domain reputation and DMARC checks. Track which suppliers meet your standards.

05
05
Monitor, remediate, report

Your dashboard updates continuously. Track remediation progress, export compliance evidence for audits, and generate board packs — all from a single platform.

— Compliance

Aligned to the frameworks
that matter.

Cympl maps your security controls against recognised UK and international standards, giving you a clear path from where you are to where you need to be.

LIVE
Cyber Essentials

UK Govt-backed scheme covering 5 core technical controls. Updated to Danzell 2026 (62 controls).

LIVE
Cyber Essentials Plus

Hands-on technical verification building on the self-assessment. Cympl evidences your controls and gaps before audit.

LIVE
ISO 27002:2022

93 controls across Organisational, People, Physical, Technological. 85/94 CFA questions mapped.

LIVE
UK GDPR · ICO

48 controls from the ICO Audit Framework. 84/94 CFA questions mapped — aligned to Art. 5(1)(f) & Art. 32.

LIVE
CIS Controls v8

18 prioritised security control groups. Cympl aligns your posture against implementation groups 1–3.

COMING SOON
IASME Cyber Assurance

Broader governance-focused certification including GDPR alignment. Framework data in development.

— Free Tool

Know where you stand
in 4 minutes.

Answer 18 plain-English questions and get a live security posture report — scored across five key areas. No sign-up, no jargon, no consultants. Just a clear picture of your exposure.

  • Identity & access controls
  • Devices & endpoint protection
  • Data backup & encryption
  • Email, web & threat detection
  • Governance & resilience
Start your free assessment →

Takes ~4 minutes · No account required · Results emailed to you

B
Overall grade
Good progress — a few critical gaps to close
Identity
Devices
Data
Threats
Governance
Top gaps identified
Web security & DNS filtering
Backup restore not tested
Email: basic protection only
✓ SPF enforced
⚠ DMARC: none
✓ Domain clean
— Plans

Transparent pricing for
every stage.

Start with a Cyber Fundamentals Assessment. Upgrade when you need framework mapping, supplier risk, and attack surface monitoring.

Core
from £50 /month

Get started with a baseline security assessment. No credit card, no commitment.

  • Cyber Fundamentals Assessment
  • Posture score per control area
  • Gap analysis with remediation
  • 1 organisation, 2 users
  • Framework mapping
  • Third-party risk
  • Attack surface monitoring
Get started
MOST POPULAR
Pro
from £150 /month

Full compliance toolkit with supplier risk management and policy tools.

  • Everything in Core
  • Framework mapping (CE, ISO, GDPR)
  • Third-party risk management
  • Supplier questionnaires & scoring
  • Policy maker & templates
  • Endpoint security assessment
  • Unlimited users
Get started
Advanced
from £300 /month

Complete platform with external attack surface monitoring and full framework guidance.

  • Everything in Pro
  • External attack surface monitoring
  • CIS Controls mapping
  • Priority support
  • Breach & dark web monitoring
  • Board pack auto-generation
  • M365 security audit
Talk to us

Need multi-tenant partner pricing? Talk to us about volume discounts for MSSPs.

— Questions

Frequently asked
questions.

Cympl is built for UK-based SMEs (typically 10–750 staff) who need to understand and manage their cyber risk without a dedicated security team. It's also used by MSSPs and IT service providers who manage security for multiple customer organisations and need a scalable, multi-tenant platform.
Yes. The Cyber Fundamentals Assessment is directly aligned to the Cyber Essentials control areas. While Cympl doesn't replace the formal certification process, it ensures you're fully prepared and can evidence your controls before you apply. Many organisations use Cympl to identify and close gaps before their CE assessment.
You add a supplier to Cympl and send them an automated security questionnaire via email. The supplier receives a secure, OTP-authenticated link — they don't need a Cympl account. Cympl also performs automated domain reputation and DMARC checks. All signals combine into an A–F risk grade with inherent, residual, and contextual scoring.
Cympl currently supports Cyber Essentials, Cyber Essentials Plus, ISO 27001:2022, UK GDPR (ICO Audit Framework), and CIS Controls v8. IASME Cyber Assurance is in development. Framework coverage is expanding — if you need a specific standard, get in touch.
Absolutely. Cympl runs on Cloudflare's global edge network with enterprise-grade DDoS protection and WAF. All data is stored with row-level security enforced at the database level, ensuring complete tenant isolation. Sensitive data is encrypted at rest with external keys issued to you.
Yes — Cympl is designed with multi-tenancy from the ground up. Partner accounts can create and manage customer tenants, impersonate into customer environments for setup and support, and see cross-tenant posture views. Contact us for partner pricing based on tenant volume.
Once your tenant is created you can complete your first Cyber Fundamentals Assessment in around 45 minutes. There are no agents to install and no infrastructure to configure. Start with the free posture check — it takes about 4 minutes and requires no account.
— Get started

Ready to understand
your real exposure?

Free · No account needed

Check your posture

18 questions. Real scores. A letter grade and actionable gaps — results emailed to you in minutes.

Start free assessment →
Guided · 30 minutes

See the full platform

A walkthrough of Cympl with one of our security team — tailored to your industry and current tools.

Book a demo
Any question · Any time

Talk to us

Not sure where to start? Drop us a message and a member of the Cympl security team will come back to you within one working day.

Get in touch

Get in Touch

Contact Us

Questions about Cympl? Want a demo or partner pricing? Drop us a message and we'll get back to you within one working day.

We'll get back to you within one working day.