
Understanding your scorecard and the CyberVadis scoring scale

Learn how to read your CyberVadis scorecard, what each scoring level means, and how your overall score and function scores are structured so you can interpret your results with confidence.

Written by Ana Nikolaeva

When your scorecard is published, you will find the following on the CyberVadis platform:

  • Overall score: a single number between 0 and 1,000 reflecting your company's overall cybersecurity maturity

  • Function scores: a separate score for each of the four assessment functions (Identify, Protect, Detect, and React)

  • Topic breakdown: a detailed view of your performance within each function, down to individual security topics

  • Strengths: the areas where your company's security practices are well established and evidenced

  • Risk areas: the areas where gaps or weaknesses have been identified, each linked to specific improvement actions in your improvement plan

Do not focus exclusively on your overall score. The topic breakdown and risk areas are where the most actionable information sits. Use them to understand exactly where your company stands and where to focus first.

The CyberVadis scoring scale

Scores fall into five levels. Each level reflects how systematically and consistently your company defines, implements, and monitors its security practices across the four functions.

Insufficient (below a basic threshold)

CyberVadis was unable to verify your company's information security definitions and implementation, or could only do so to a minimal degree. This typically indicates that formal security practices are not yet in place or that insufficient evidence was provided to support declared controls.

Basic

CyberVadis verified that your company understands some of its information security needs and is actively defining its security approach. Security practices exist in some areas but are not yet consistently implemented or evidenced across the organisation.

Moderate

CyberVadis verified that your company understands its information security needs and is actively improving its security approach. Practices are more consistently defined and implemented, with some evidence of ongoing monitoring.

Developed

CyberVadis verified that your company thoroughly accounts for its information security needs and has established a fully developed security approach. Security practices are well defined, consistently implemented, and actively monitored across the organisation.

Mature

CyberVadis verified that information security is embedded in your company's culture and that you have a mature, comprehensive security approach. Practices are systematically managed, continuously improved, and supported by strong evidence across all four functions.

How function scores relate to your overall score

Your overall score is a weighted combination of your four function scores. Each function score reflects your maturity in that specific area independently. A high overall score with a low score in one function indicates a specific gap worth addressing, even if the headline number looks strong.

For details on how weights are applied and how controls contribute to function and overall scores, see [How is your score calculated?].

Where your score sits relative to the medal thresholds

CyberVadis awards medals to companies that reach certain score thresholds. If you are close to a threshold, your improvement plan will show you the highest-impact actions to take. See [CyberVadis Badges and Medals: thresholds and how to use them] for the full breakdown.

If you have questions about your score

If you disagree with your results or want to understand a specific aspect of your scorecard in more detail, see [I disagree with my results or have questions about them].

Sharing your scorecard

Once published, your scorecard can be shared with clients and partners directly from the platform. See [How to share your scorecard with clients and partners].
