Comprehensive documentation for every CyberPoint Advisory tool, including methodology, data sources, and citations.

Helps business owners and CFOs build a data-driven financial case for cybersecurity compliance investment. Calculates ROI, payback period, and 5-year NPV using industry benchmarks.

Intended for a CFO, business owner, or compliance officer evaluating whether to invest in a compliance program. Designed for Texas SMBs (under 250 employees).

Users select an industry preset or enter custom values. The calculator computes three benefit categories and shows real-time results with animated counters.

| Data Point | Value | Source | Year |
|---|---|---|---|
| Global average breach cost | $4.88M | IBM Security — Cost of a Data Breach Report | 2025 |
| U.S. average breach cost | $9.36M | IBM Security — Cost of a Data Breach Report | 2025 |
| Healthcare breach cost | $10.93M | IBM Security — Cost of a Data Breach Report (industry breakdown) | 2025 |
| Financial services breach cost | $6.08M | IBM Security — Cost of a Data Breach Report | 2025 |
| Manufacturing breach cost | $5.56M | IBM Security — Cost of a Data Breach Report | 2025 |
| Technology breach cost | $5.45M | IBM Security — Cost of a Data Breach Report | 2025 |
| Retail breach cost | $3.91M | IBM Security — Cost of a Data Breach Report | 2025 |
| Annual breach probability | ~14.7% | IBM/Ponemon Institute — 27.7% over 2 years, annualized | 2025 |
| Breach risk reduction | 60-80% | Forrester Research — Total Economic Impact of Compliance Automation | 2025 |
| Sales conversion improvement | 10-25% | Forrester Research — Enterprise buyer survey | 2024 |
| Insurance premium reduction | 15-25% | Marsh McLennan — U.S. Cyber Insurance Market Report | 2024 |
| Enterprise compliance requirement | 89% | Gartner — Market Guide for IT GRC Platforms | 2025 |
| NPV discount rate | 8% | Standard SMB weighted average cost of capital (WACC) | N/A |

Evaluates organizational readiness for SOC 2, ISO 27001, or HIPAA compliance through 20 framework-specific yes/no/partial questions, each citing the official standard clause.

User selects a framework, answers 20 questions (Yes = 2 points, Partial = 1 point, No = 0 points), and receives a percentage score with tier-based recommendations (5 tiers from <40% to 90%+).

| Framework | Standard Referenced | Version |
|---|---|---|
| SOC 2 | AICPA Trust Services Criteria (TSC) — CC1-CC9, A1, C1, PI1 | 2017 (current) |
| ISO 27001 | ISO/IEC 27001:2022 — Annex A controls | 2022 |
| HIPAA | HIPAA Security Rule — 45 CFR Part 164 | 2013 (current) |

Each question cites its specific control clause (e.g., "SOC 2 CC6.1" or "ISO 27001 A.8.1").

4-step wizard evaluating a Texas business's readiness for SB 2610 safe harbor protection. Determines tier, assesses framework compliance, and generates prioritized recommendations.

Step 1: Business profile (employee count determines Tier 1/2/3). Step 2: Framework-specific compliance questions (dynamic based on tier). Step 3: Documentation assessment. Step 4: Breach response readiness. Produces a scored report with prioritized gaps.

| Data Point | Source |
|---|---|
| SB 2610 tier structure and requirements | Texas Business & Commerce Code Chapter 542 (SB 2610, 88th Legislature) |
| Tier 1 requirements (password policies, training) | SB 2610 Section 542.002(a) |
| Tier 2 requirements (CIS Controls v8 IG1) | SB 2610 Section 542.002(b); CIS Controls v8.0 |
| Tier 3 requirements (recognized frameworks) | SB 2610 Section 542.002(c); NIST CSF, ISO 27001, SOC 2, etc. |
| Effective date: September 1, 2025 | SB 2610 Section 542.005 |

Provides transparent cost estimates for SB 2610 compliance implementation across 6 categories, with DIY, guided, and full-service pricing comparisons.

User selects their tier, industry, and data types. The tool calculates costs across: assessment, policy development, technical controls, training, testing, and ongoing maintenance.

| Data Point | Source |
|---|---|
| SB 2610 tier requirements | Texas Business & Commerce Code Chapter 542 |
| CIS Controls v8 IG1 (56 safeguards) | Center for Internet Security — CIS Controls v8.0 |
| Cost ranges by tier | CyberPoint Advisory — proprietary market analysis of Texas MSP/MSSP pricing |
| Industry-specific compliance requirements | HIPAA Security Rule, PCI DSS v4.0, NIST CSF 2.0 |

Note: Cost estimates are based on CyberPoint Advisory's experience with Texas SMBs and current market rates. Actual costs vary by organization.

8-question wizard that recommends the best cybersecurity framework based on business size, industry, compliance needs, budget, and risk profile.

| Framework | Publisher | Version | Best For |
|---|---|---|---|
| NIST Cybersecurity Framework | NIST | CSF 2.0 (Feb 2024) | General-purpose, Tier 3 compliance |
| CIS Controls | Center for Internet Security | v8.0 (May 2021) | Tier 2 compliance, smaller orgs |
| ISO/IEC 27001 | ISO/IEC | 2022 edition | International business, certification |
| NIST SP 800-171 | NIST | Rev 3 (May 2024) | Government contractors, CUI |
| Essential Eight | Australian Signals Directorate | 2023 update | Pragmatic baseline |

Generates a phased implementation timeline with Gantt chart view based on tier, maturity, resources, urgency, and budget. Supports ICS calendar export.

| Data Point | Source |
|---|---|
| SB 2610 effective date (Sept 1, 2025) | Texas Business & Commerce Code Chapter 542 |
| CIS Controls implementation timelines | CIS — CIS Controls Implementation Guide |
| Phase duration estimates | CyberPoint Advisory — proprietary implementation data |

Tier-specific compliance checklist with CIS Controls v8 IG1 safeguards and linked CISA educational resources. Tracks implementation progress locally.

| Data Point | Source |
|---|---|
| CIS Controls v8 IG1 safeguards (56 controls) | Center for Internet Security — CIS Controls v8.0 |
| "How-To" implementation guides | CISA — Cybersecurity Resources for Small Business |
| SB 2610 tier-specific requirements | Texas Business & Commerce Code Chapter 542 |

Interactive progress-tracking checklist for SB 2610 safe harbor compliance. Tier-specific items with legal citations and completion percentages.

| Data Point | Source |
|---|---|
| Safe harbor requirements by tier | Texas Business & Commerce Code Chapter 542 |
| Recognized cybersecurity frameworks list | SB 2610 Section 542.002(c) — NIST CSF, ISO 27001, CIS Controls, SOC 2, HITRUST, SCF, PCI DSS, HIPAA, GLBA, FISMA |
| Documentation requirements | SB 2610 Section 542.003 — burden of proof provisions |

Self-assessment across all 6 NIST CSF 2.0 functions (Govern, Identify, Protect, Detect, Respond, Recover) with Tier 1-4 scoring and prioritized recommendations.

| Data Point | Source |
|---|---|
| 6 CSF functions and definitions | NIST — Cybersecurity Framework 2.0 (February 2024) |
| Implementation Tier definitions (1-4) | NIST CSF 2.0 — Section 4.2 Framework Tiers |
| Improvement recommendations per function | NIST CSF 2.0 — Implementation Examples (NIST SP 1299) |

Interactive reference for all 6 NIST CSF 2.0 functions, 23 categories, and 106 subcategories with implementation examples and CIS Controls mappings.

| Data Point | Source |
|---|---|
| 106 subcategories and outcomes | NIST — Cybersecurity Framework 2.0 Core (February 2024) |
| Implementation examples | NIST SP 1299 — CSF 2.0 Implementation Examples |
| CIS Controls mappings | CIS — CIS Controls v8 Mapping to NIST CSF 2.0 |

Generates customized phased implementation plans based on organization size, current maturity tier, target tier, timeline, budget, and industry.

| Data Point | Source |
|---|---|
| NIST CSF tiers and functions | NIST — Cybersecurity Framework 2.0 |
| Phase structure and task estimates | CyberPoint Advisory — proprietary implementation methodology |
| NIST CSF subcategory IDs in task lists | NIST CSF 2.0 Core |

7-question weighted quiz to determine the appropriate CIS Controls Implementation Group (IG1, IG2, or IG3) based on organization size, data sensitivity, and risk profile.

| Data Point | Source |
|---|---|
| IG1: 56 safeguards (essential hygiene) | Center for Internet Security — CIS Controls v8.0 |
| IG2: 130 safeguards (expanded) | CIS Controls v8.0 — Implementation Group 2 |
| IG3: 153 safeguards (comprehensive) | CIS Controls v8.0 — Implementation Group 3 |
| IG selection criteria | CIS — CIS Controls v8 Implementation Guide for SMEs |

Interactive fillable form that generates a NIST-based breach response plan with SB 2610 compliance documentation, emergency contacts, backup procedures, and customer data inventory.

| Data Point | Source |
|---|---|
| 4-phase incident response (Prepare, Detect, Contain, Recover) | NIST SP 800-61 Rev 2 — Computer Security Incident Handling Guide |
| Texas breach notification requirements | Texas Business & Commerce Code Chapter 521 — Unauthorized Use of Identifying Information |
| SB 2610 documentation requirements | Texas Business & Commerce Code Chapter 542 |
| FBI IC3 reporting | ic3.gov — Internet Crime Complaint Center |
| CISA incident reporting | cisa.gov/report |

CISA-based cybersecurity self-assessment with 24-item checklist, maturity scoring, common vulnerability fixes, and incident response template for small businesses.

| Data Point | Source |
|---|---|
| 24-item assessment categories | CISA — Cyber Essentials for Small Business |
| Maturity level definitions | NIST CSF 2.0 Implementation Tiers |
| Vulnerability remediation guides | CISA — Known Exploited Vulnerabilities Catalog; NIST NVD |
| Incident response template | NIST SP 800-61 Rev 2 |

All data sources referenced across the CyberPoint tool suite, organized by publisher.