CertIQ
How CertIQ works

Three layers. One score. One quote.

CertIQ combines automated domain scanning with an Essential Eight self-assessment to produce a hybrid risk score. When that score crosses the ready threshold, a cyber insurance quote is generated automatically.

Layer 1 — Score

The external scan

CertIQ scans any domain from the outside — no access to the client's systems required. Five independent data sources run in parallel and return results in under 30 seconds.

CertIQ:scan - Detects open ports and exposed services including RDP, SMB, Telnet, and known vulnerable software versions.
CertIQ:breach - Checks how many staff email addresses appear in public breach databases — a direct indicator of credential exposure.
CertIQ:reputation - Assesses domain reputation across dozens of security feeds. Flags malware associations, phishing history, and blacklist status.
CertIQ:mail - Checks email authentication records. Missing or weak DMARC and SPF policies mean the domain can be spoofed.
CertIQ:layer - Inspects certificate validity, expiry, and protocol version. TLS 1.0 and 1.1 are flagged as end-of-life risk.

Score weighting
Open ports & services: 25 pts
Credential breaches: 20 pts
Domain reputation: 20 pts
Email hygiene: 20 pts
SSL health: 15 pts
Total: 100 pts
The external scan contributes 60% of the combined score. The remaining 40% comes from the Essential Eight self-assessment.
Layer 2 — Ready

The Essential Eight self-assessment

While the domain scan runs, the user answers seven plain-English questions mapped to the ASD Essential Eight framework. No IT knowledge required. Takes about 90 seconds.

Multi-factor authentication enforced for all staff: 10 pts
Admin accounts separate from daily-use accounts: 8 pts
Critical patches applied within 48 hours of release: 8 pts
Backups taken regularly, tested, and stored offline: 8 pts
Application control enforced on workstations: 6 pts
Office macros disabled or restricted to signed sources: 5 pts
Documented and tested incident response plan: 5 pts

How answers are scored
Yes: Full points awarded
Partial: Half points awarded
No: Zero points — gap flagged in report
Skipped: Zero — no penalty recorded
Self-assessment contributes 40% of the combined score. It rewards honest self-reporting without allowing gaming to dominate the result.
Layer 3 — Insure

From ready score to bound policy

When the combined score reaches 65 or above, the client is CertIQ Ready. A pre-filled cyber insurance quote is generated automatically via the Agile underwriting panel.

65+: CertIQ Ready threshold. The combined score required to trigger an automatic cyber insurance quote. Verified by both external scan and self-assessment.
Auto: Quote generated. A pre-filled quote is sent to the broker automatically — no ACORD form, no email chain, no manual submission required.
Better: Terms for ready clients. CertIQ Ready clients typically access broader cover with fewer exclusions. Better posture means better terms.
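
The scoring described across the three layers, worked through as an added example (not CertIQ's code): it assumes the scan total is on a 0-100 scale, that the 50 listed assessment points are rescaled to 0-100 before the 60/40 weighting, and it uses made-up category and question keys. Under those assumptions it also computes the lowest scan score that can still reach the 65 threshold for a given set of answers.

```python
# Added illustration, not CertIQ's code. Point values, shares and the threshold
# come from the page; the rescaling of each layer and all key names are assumptions.
SCAN_MAX = {"ports": 25, "breaches": 20, "reputation": 20, "email": 20, "ssl": 15}
E8_MAX = {"mfa": 10, "admin_separation": 8, "patching_48h": 8, "backups": 8,
          "app_control": 6, "macros": 5, "ir_plan": 5}
ANSWER_FACTOR = {"yes": 1.0, "partial": 0.5, "no": 0.0, "skipped": 0.0}
SCAN_SHARE, E8_SHARE, READY_THRESHOLD = 0.60, 0.40, 65


def scan_score(points):
    """Sum per-category scan points (0..max each) into a 0-100 score."""
    total = 0
    for cat, cap in SCAN_MAX.items():
        got = points.get(cat, 0)
        if not 0 <= got <= cap:
            raise ValueError(f"{cat}: {got} outside 0..{cap}")
        total += got
    return total


def assessment_score(answers):
    """Return (0-100 score, flagged gaps). Unanswered questions count as skipped."""
    earned, gaps = 0.0, []
    for q, cap in E8_MAX.items():
        ans = answers.get(q, "skipped").lower()
        earned += cap * ANSWER_FACTOR[ans]   # KeyError on an unknown answer value
        if ans == "no":                      # only "No" is flagged; "Skipped" is not
            gaps.append(q)
    return 100 * earned / sum(E8_MAX.values()), gaps


def combined(points, answers):
    """Hybrid score: 60% external scan, 40% self-assessment."""
    e8, gaps = assessment_score(answers)
    score = SCAN_SHARE * scan_score(points) + E8_SHARE * e8
    return {"score": round(score, 1), "ready": score >= READY_THRESHOLD, "gaps": gaps}


def min_scan_for_ready(answers):
    """Lowest 0-100 scan score that still reaches the threshold, or None."""
    e8, _ = assessment_score(answers)
    need = (READY_THRESHOLD - E8_SHARE * e8) / SCAN_SHARE
    return None if need > 100 else max(0.0, round(need, 1))
```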
Get started

Ready to run your first scan?

3 free scans per month. No account required.
