CoreCyber

Compare Plans

See what's included in each plan — in plain English — so you can pick the one that fits. No fine print.

Plans at a Glance

What you getStarter
ProfessionalMost popular
Enterprise
Team members
People from your team who can log in and use the platform
325Unlimited
Risk assessments
Full risk assessments you can run
15Unlimited
Connected tools
Integrations you can link (choose from the connectors below)
1UnlimitedUnlimited
Vendors tracked
Third parties you can assess and monitor
375Unlimited
Compliance documents
Generated compliance documents per assessment
3Unlimited

Risk Analysis Engines

What you getStarter
Professional
Enterprise
Your risk, in real dollars
What a breach would most likely cost you, in dollars (FAIR-BN). Starter sees a risk-class summary; Professional and Enterprise see the full dollar figures.
Risk class
What's driving your risk
The specific weaknesses pushing your risk up, so you know what to fix first (XGBoost + SHAP)
Top 3
Best-case to worst-case loss range
The full range of what an incident could cost, from a minor hiccup to a major breach (LDA-PFD)
Risk forecast
How your risk is likely to trend over the months ahead (LSTM)
Vendor & supply-chain risk
How a breach at one of your vendors could ripple back to your business (Supply Chain BN)
Proof your security spend works
How much each security control actually lowers your risk (Causal Inference)

Connect the Tools You Already Use

What you getStarter
Professional
Enterprise
Google Workspace
Pull in security signals from Gmail and Google Workspace
Microsoft 365
Sync security data from Microsoft 365 and Entra ID
Bitdefender
Import device and antivirus health from Bitdefender
Amazon Web Services (AWS)
Check your cloud setup for risky misconfigurations
Shopify
Keep an eye on your online store's security
Splunk
Feed in alerts and activity logs from Splunk
Penetration testing (vPenTest)
Automated "ethical hacking" of your systems — available as an add-on on any plan
Add-onAdd-onAdd-on

Connectors are configured on request. After purchase, our team sets up and verifies each integration with you — they are not enabled automatically.

Advanced Assessment Modules

What you getStarter
Professional
Enterprise
AI Risk
Governance, bias, adversarial robustness, and explainability of your AI systems
Add-onIncludedIncluded
Insider Threat
Insider-risk program maturity — user behaviour analytics, DLP, and privileged access
Add-onIncludedIncluded
Secure SDLC
Secure development — DevSecOps, code scanning, and software bill of materials
Add-onAdd-onIncluded
Cloud Security
Cloud posture fundamentals — identity, encryption, and misconfiguration checks
Add-onIncludedIncluded
AI Digital Identity
Deepfake and synthetic-identity defense, biometric security, and AI-driven access control
Add-onAdd-onIncluded
Sustainability (CSS v1.4)
How durable your security program is across 5 dimensions and 27 sub-domains
Add-onAdd-onIncluded

Compliance & Reports

What you getStarter
Professional
Enterprise
Compliance frameworks
Map controls and track gaps across 21 frameworks — NIST, ISO 27001, PCI DSS, HIPAA, SOC 2, GDPR, CMMC, and more (full list below)
Gap analysis & evidence
See exactly where you fall short and collect the proof auditors ask for
Cyber-insurance readiness
Check whether your coverage actually matches your risk
Fix-it action plans (POA&M)
Build a plan to close security gaps and track progress over time
Audit-ready documents
Generate framework-specific deliverables (SSP, SAR, SoA, SAQ, DPIA, and more — full list below)
Board-ready PDF reports
Clear, polished summaries you can hand straight to leadership
Automatic scheduled reports
Have reports emailed to your team on a schedule you choose

Operations & Collaboration

What you getStarter
Professional
Enterprise
Risk history & trends
Track how your risk changes over time across assessments
Incident log
Record and track security incidents as they happen
Developer API access
Connect CoreCyber to your own tools and workflows (API keys) — coming soon
Activity & audit log
A complete record of who did what — handy for accountability and audits
Real-time alerts (webhooks)
Push instant notifications to Slack, Teams, or your own systems — coming soon
Team collaboration & comments
Discuss findings and assign follow-ups to teammates right in the app

Support

What you getStarter
Professional
Enterprise
Email support
Reach our team by email whenever you need a hand

Compliance Frameworks We Support

Map your controls and track gaps against 21 frameworks and regulations — available on Professional and Enterprise.

Cybersecurity & Risk

  • NIST CSF 2.0
  • NIST 800-53 Rev 5
  • NIST 800-171 Rev 3
  • CIS Controls v8
  • ISO/IEC 27001:2022
  • CMMC 2.0
  • HITRUST CSF v11.3
  • FAIR v2.0

Privacy & AI Governance

  • GDPR
  • CCPA/CPRA
  • HIPAA
  • EU AI Act

Sector & Government

  • PCI DSS 4.0
  • SOX
  • FFIEC CAT
  • NERC CIP
  • FISMA
  • FedRAMP Rev 5

EU Regulatory & Attestation

  • NIS2 Directive
  • DORA
  • SOC 2 Type II

Audit-Ready Documents We Generate

Export evidence and deliverables your auditors, board, and insurers expect — generated automatically from your assessment data.

Framework-specific deliverables

  • CMMC Level 2 System Security Plan (SSP)
  • NIST 800-53 SSP & Security Assessment Report (SAR)
  • PCI DSS SAQ, Report on Compliance (RoC) & Attestation (AoC)
  • ISO 27001 Statement of Applicability (SoA) & Risk Treatment Plan
  • SOC 2 Readiness Assessment
  • HIPAA Risk Analysis & Risk Management Plan
  • GDPR DPIA & Record of Processing Activities (RoPA)
  • CIS Controls Implementation Group (IG) Assessment

Executive & operational reports

  • Executive Summary (board-ready PDF)
  • Compliance Report (PDF)
  • Technical Risk Report (PDF)
  • Cyber-insurance Submission (PDF)
  • Vendor Risk Summary (PDF)
  • Plan of Action & Milestones — POA&M (CSV)
Start freeTalk to sales
Full access Limited (see note)Add-on Not included