Most UK SMEs don't know where their cyber security gaps are until something goes wrong. Our free Operational Risk Assessment tells you where you stand against the Cyber Essentials five control areas — in about 10 minutes, with no technical knowledge required.
The Operational Risk Assessment is a structured questionnaire mapped to the UK Government's Cyber Essentials framework. You answer plain-English questions about how your business operates — no technical jargon, no trick questions. We score your answers against the five CE control areas and give you a clear, prioritised picture of where your risks are.
The assessment runs automatically. Nobody reads your answers before you get your results. There's no pressure to engage us — though we're here if you want to.
Every question maps directly to the Cyber Essentials v3.3 control framework — the same standard used in formal certification. Your score reflects real-world exposure, not a made-up metric.
You don't just get a score. You get a per-pillar RAG rating, prioritised recommendations for each gap, and a PDF report you can share with your board, your insurer, or your IT provider.
The ORA is a self-reported assessment — it tells you where to look, not what a formal audit will find. Think of it as a benchmark, not a certificate.
Cyber Essentials covers five technical control areas. Your assessment scores each one independently so you know exactly where to focus first.
Are your network boundaries properly controlled? Guest Wi-Fi, remote access, and internet-facing services all count.
Are your devices set up securely from the start? Default passwords and unlicensed software are the most common failures.
Is your software kept up to date? Unpatched systems are the single biggest preventable vulnerability class.
Who has access to what? MFA, password management, and access privileges are assessed here.
Are your devices protected against malware? Coverage, management, and licensing all matter.
No account required. No software to install.
30 plain-English questions about your business — devices, staff, software, and working practices. No technical knowledge needed.
Your responses are automatically scored against the CE five-pillar framework. A RAG rating and risk score is calculated for each control area.
A link to your full results report is shown immediately. Your confirmation email contains the same link plus a PDF copy of the report.
Review the recommendations at your own pace. If you want help acting on them, GET-IT is here — but there's no obligation at any point.
The full assessment output is free. There's nothing gated behind a sign-up or a sales call.
An interactive online report showing your RAG rating and score for each CE control area, overall risk tier (Low / Medium / High / Critical), and prioritised recommendations ordered by severity.
A branded, printable PDF version of your results — complete with your scores, recommendations, what CE certification unlocks for your business, and the GET-IT five-stage CE journey. Suitable for sharing with your board or insurer.
Your results link and PDF are sent to the email address you provide. The link remains active for seven days so you can revisit or share it. No account needed, no login, no password.
The assessment takes around 10 minutes. You'll have your results before the kettle's boiled. No technical knowledge needed, no sales call required, no cost.
Start Your Free Assessment →[ Free — instant results — no obligation ]