What is a ransomware maturity assessment?

A ransomware maturity assessment evaluates an organization's defenses across key domains — prevention, detection, response, recovery, organizational preparedness, and governance — using a structured 1-5 maturity scale to identify gaps and prioritize improvements.

How long does the ransomware readiness assessment take?

The assessment covers 48 criteria across 6 domains and typically takes 15-30 minutes to complete. Results and prioritized recommendations are generated immediately with no account required.

What frameworks does this assessment align with?

The assessment aligns with NIST CSF 2.0, CIS Controls v8, and incorporates guidance from CISA, HHS HC3, FFIEC, and MS-ISAC. It is updated for 2026 to cover AI-generated phishing, Ransomware-as-a-Service (RaaS), double extortion, and software supply chain threats.

Is my assessment data stored or shared?

No. All assessment scoring and recommendations are generated entirely in your browser. No data is transmitted to any server or stored externally.

What is double extortion ransomware?

Double extortion ransomware is an attack technique where cybercriminals both encrypt the victim's data and exfiltrate it, threatening to publish it publicly if the ransom is not paid. Triple extortion adds a third threat such as a DDoS attack. This assessment covers preparedness for all extortion variants.

What is the 3-2-1-1-0 backup rule?

The 3-2-1-1-0 backup rule is a 2026 best practice: maintain 3 copies of data, on 2 different media types, with 1 offsite copy, 1 air-gapped or immutable copy, and 0 errors verified through regular restoration testing. This improves on the older 3-2-1 rule by requiring immutability and verified integrity.

Ransomware Readiness Assessment Tool

Evaluate your organization's preparedness against ransomware threats

Updated April 2026 · 7 Domains · 80+ Controls

Why This Assessment Matters

Ransomware attacks continue to rise in frequency and sophistication, with AI-generated phishing, double extortion, and Ransomware-as-a-Service (RaaS) lowering the barrier for attackers. The average total cost of a ransomware attack now exceeds $5.1 million in 2026, including ransom payments, recovery costs, regulatory fines, and business disruption.

This assessment covers 7 domains and 80+ controls — updated for 2026 threats including AI-augmented attacks, identity-based ransomware, cloud workload targeting, and software supply chain compromise:

Prevention Controls — EDR/XDR, ZTNA, AD hardening, cloud security posture, data classification
Detection Capabilities — MDR/SOC, ITDR, AI/ML anomaly detection, SOAR triage
Response Readiness — Extortion playbooks, out-of-band comms, negotiation, CIRCIA compliance
Recovery Capabilities — Air-gapped backups, 3-2-1-1-0 strategy, clean-room recovery
Organizational Preparedness — Deepfake simulations, MSP/RMM audits, supply chain security
Governance — Payment policy, OFAC screening, post-quantum cryptography planning
AI & Agentic Security New — AI agent inventory, prompt injection testing, model supply chain

Complete all seven sections to receive your personalized maturity score and prioritized recommendations.

Select Your Industry

Choose your industry to receive tailored assessment criteria and recommendations specific to your sector's unique challenges and requirements.

Ransomware Readiness Assessment Tool

Why This Assessment Matters

Select Your Industry

Healthcare & Medical

Financial Services

Government & Public Sector

Education

Manufacturing & Industrial

Retail & eCommerce

Technology & Software

Energy & Utilities

Other Industries