Understanding your security score
How the A–F grade is calculated and what each severity level means.
Understanding your security score
We convert 30+ individual checks into a single score and grade so you can see your overall posture at a glance.
The grade scale
| Score | Grade | Meaning | |-------|-------|---------| | 90–100 | A | Strong posture. Rare edge cases only. | | 80–89 | B | Good posture. A few fixable gaps. | | 70–79 | C | Meaningful gaps. Prioritise fixing this quarter. | | 60–69 | D | Attacker-attractive. Fix within 30 days. | | 0–59 | F | Active risk of breach. Fix immediately. |
Severity levels
- Critical — active exposure or data leak. 24-hour SLA.
- High — serious misconfiguration or missing control. 7-day SLA.
- Medium — hardening that should exist. 30-day SLA.
- Low — best-practice finding. Fix when you can.
- Info — informational only. No action required.
Hero finding
At the top of the overview page we highlight the single most impactful finding — the one where fixing it will most improve your score and block the most likely attack vector. When you fix the hero finding, the next-most-important one takes its place.
Scoring algorithm
Starting at 100, we subtract points for each open finding:
- Critical — 25 points
- High — 15 points
- Medium — 5 points
- Low — 1 point
Suppressed/accepted risks do not count against the score but are listed separately.
Score trend
On the overview page, the score-over-time chart shows the last 12 months. Green deltas are improvements, red deltas indicate new findings. We snapshot once per day per asset.