A number you
can trust
A single headline score, built on CAF, gives a clear answer to a critical question: where are we today?
Norm’s Cyber Resilience Score
A government grade, quantified measure of your cyber resilience.
Can you quantify cyber resilience?
Boards make decisions using clear, comparable data. Credit scores. Liquidity ratios. Safety metrics. Sales KPIs. But, cyber security is different.
It is reported through fragmented dashboards, vendor scores, traffic lights and point in time assessments. Activity is visible, resilience is not.
This creates a governance gap, leaving most organisations unable to answer a basic business question: How resilient are we to a cyber attack?
The Norm Cyber Resilience Score exists to answer that question clearly, credibly and continuously.
One score. Real resilience.
The Cyber Resilience Score is a government grade, quantified measure of your organisation’s ability to withstand, detect and recover from cyber attack.
Built on the UK National Cyber Security Centre’s Cyber Assessment Framework (CAF), it provides both a baseline and a structured improvement path tied directly to business continuity.
CAF defines what good looks like across four key outcomes:
The Cyber Resilience Score translates these into a single, measurable number, reflecting resilience across
your entire environment, live in the Smartbloc Portal.
Measuring the whole environment, not just the tools
Most cyber metrics capture isolated slices of the environment.
The Cyber Resilience Score reflects controls delivered by NormCyber alongside your existing technology stack, third party providers and internal teams, integrating signals across your estate into a single view leadership can trust.
Structured self-assessment is combined with validated operational data to produce a view of resilience grounded in reality, not aspiration. Technical teams can see exactly what is driving change and where to focus next. Leadership can see whether resilience is strengthening or eroding and why.
The result is a defensible measure of how your organisation would perform under real attack conditions.
What the score actually reflects
The score continuously tracks whether critical controls are being maintained, including:
- User behaviour and training effectiveness
- Vulnerability discovery, prioritisation and remediation speed
- Digital footprint exposure and cloud configuration risk
- Incident frequency, severity and resolution
- Endpoint, identity and email protection coverage
- Incident response testing and penetration testing outcomes
These are the controls regulators expect, and the ones customers, insurers and investors increasingly scrutinise.
The score provides a clear evidence trail for assurance, insurance and due diligence.
What it gives you
A number you
Continuous
visibility
The score updates as your environment changes. Static reports are replaced with live insight, available 24/7.
Direction,
not noise
Every movement is tied to specific risks and actions. You can see what is improving resilience and what is degrading it.
Evidence-Backed
Confidence
Give leadership, customers and insurers a defensible view of cyber risk, with progress they can verify.
How improvement
actually happens
The Cyber Resilience Score is not passive.
A dedicated Focal Analyst is accountable for driving measurable improvement, translating technical activity into board level outcomes and maintaining momentum over time.
Resilience improves in practice, not just on paper.
What you can expect
- On average, customers see 100 percent improvement in cyber resilience within 12 months
- Sustained year on year improvement
- Clear, reportable return on security investment
- Increased confidence at board level
Cyber security, measured like the business expects
The Cyber Resilience Score gives organisations what cyber security has long lacked. A clear, credible measure of resilience.
Book a demo.