How is your score calculated?

We believe transparency is the foundation of building trust.


One of the most important commitments of C2SEC is to ensure a 100% transparency of how cyber risk ratings and scores are calculated. No more secret algorithms! And the same logic for calculating cyber risk rating and scores applies to all customers, regardless of whether they are our paid customers or not.

The score is calculated based on the exposure assessment data of the following four categories. For the complete detailed description of our cyber scoring algorithm, please contact us to get a copy of our scoring methodology whitepaper.

Cyber Incidents

Ongoing cyber risk incidents. Scoring weight is 25%.


Technology assessment of IT infrastructure, such as DNS, Encryption, Patching and etc. Scoring weight is 30%.


User Behavior, such as how people manages credentials, risk of social engineering attacks, etc. Scoring weight is 30%.


Organization behavior, such as how IT asset is managed, etc. Scoring weight is 15%.