
Fixed-price vulnerability assessment for SMBs

Someone is already scanning your practice. We tell you what they see - before they use it.

Fixed-price external vulnerability assessment for dental clinics, accounting firms, and aesthetic medicine practices. No IT department required. Results in 5 business days. Written in plain English - so the people running your business can actually act on it.

  • Free PreScan, no obligation
  • Fixed price - no hourly bills, no surprises
  • Report in 5 business days, not 5 weeks
$2.07M [1]
per violation category — the HIPAA Civil Monetary Penalty cap. Patient and client data sits in your hands every day.

60 days [2]
HIPAA breach notification deadline to HHS. FTC Safeguards gives accounting firms 30 days. Most SMBs can’t identify the breach in that window.

$3.31M [3]
average cost of a breach for an organisation under 500 employees in 2024. For a clinic, that’s the business.

Fit check

This is built for one kind of business

CyberCerber is designed for small and medium practices that hold sensitive personal or financial data but don't have a full-time security team. If that's you, this is the cheapest, fastest way to know what you're exposing.

For you if:

  • You run a dental clinic, accounting firm, or aesthetic medicine practice (1-50 employees)
  • You process patient records, financial data, or before/after photos
  • You rely on an external IT provider (or no IT at all) and can’t tell what’s exposed to the internet
  • You’ve ever thought "I’d have no idea if we were already compromised"

Probably not for you if:

  • You already have an internal SOC or a recent pen-test report (in the last 12 months)
  • You want a compliance certificate to file, not findings to fix (we’re a security firm, not an audit firm)
  • You’re looking for managed EDR / 24-7 monitoring (we scope once; we don’t hold the keys)

The process

How CyberCerber works

  1. Free PreScan (24 hours)

    Before we talk price, we scan your public-facing infrastructure using the same tools attackers use. You get a short summary of what's exposed - open ports, leaked credentials, email spoofing risk. No access required on your end. No obligation.

  2. Full Assessment (5 business days)

    If the PreScan finds something worth acting on, we run a complete external assessment: every exposed service, known CVE, leaked staff credential, email security record, and web application vulnerability. Fixed price. No hourly billing.

  3. Report + 30-min Debrief

    You get a prioritised report in plain English with critical / high / medium / low findings and a concrete fix order. Then 30 minutes on a call to walk your IT provider or practice manager through it. What to fix. In what order. What it’ll cost.

What's actually in it

Your free PreScan includes

Most cybersecurity sales calls want your budget first. Ours start by showing you what attackers can already see - for free, in 24 hours, with zero access required on your end.

  • External port & service scan

    Every service facing the public internet, identified by version.

  • Known-CVE match

    Your exposed services cross-checked against the NVD vulnerability database.

  • Leaked-credential check

    Your domain’s email addresses checked against public breach databases (Have I Been Pwned and paid dark-web feeds).

  • Email spoofing test

    Whether attackers can send emails appearing to come from your domain (SPF / DKIM / DMARC).

  • Short-form findings summary

    Plain-language, no jargon, no sales pitch.

  • One clear next step

    If the findings are serious, we send a fixed-price proposal. If they’re not, you keep the summary and we disappear.

That's the guarantee. If we find nothing worth your attention, you keep the report anyway. No invoice. No follow-up sales calls.

Three products, one path

Start free. Pay only if there's something to fix.

Most SMBs don't know whether they even need a security audit. The free PreScan answers that in 24 hours. If we find something, you get two clearly-priced next steps - no quotes, no haggling.

Start here

PreScan

Free

Passive external scan. See what an attacker sees from the internet - in 24 hours, with zero access on your end.

Most popular

CyberAudyt

$900

market rate $2,000-4,000

Full external vulnerability assessment with manual verification, a plain-English report in 5 business days, and a 30-minute consultation call.

Pentest

$4,900

market rate $5,000-15,000

Active penetration testing for regulated entities, or when a corporate client or insurer explicitly requires it.

Fixed price - no hourly billing, no surprises.

Guarantee: if CyberAudyt doesn't surface at least 3 actionable findings, you pay nothing.

Why CyberCerber

How we differ from a typical pen-test shop

Five reasons owners pick a fixed-price, plain-language assessment over a traditional security firm.

|                 | CyberCerber                     | Typical pen-test firm      |
|-----------------|---------------------------------|----------------------------|
| Pricing         | Fixed, visible up front         | Custom quote, hidden       |
| Report language | Owner-level, plain English      | Technical jargon           |
| Vertical focus  | Dental / accounting / aesthetic | Generic, any industry      |
| The report      | Prioritised, action-first       | 80-page PDF, no priorities |
| Lead time       | 5 business days                 | 2-4 weeks                  |

Before you ask

Questions we hear before every scan

"We're too small to be targeted."
Ransomware groups scan the entire IPv4 address space every few hours. They don't pick targets - they pick open doors. In Verizon's 2024 breach report, small businesses accounted for roughly 43% of all breaches. Size is not a defence; being uninteresting is not a strategy.
"We already have an IT provider - doesn't that cover this?"
External IT providers usually manage your uptime and your computers. They are rarely contracted to find vulnerabilities from an attacker's perspective, and most don't scan the parts of your infrastructure that face the internet. We do one specific job - adversarial external assessment - and hand the results to them to fix.
"What does the scan actually do to our systems?"
Nothing invasive. The PreScan is external and non-intrusive - it reads what your systems already publish to the public internet. No logins, no installed agents, no traffic load. It's what a motivated attacker does on a Tuesday afternoon.
"Why should we trust you with this?"
You don't have to trust us with anything. The PreScan requires zero credentials from you, zero network access, and no data beyond your domain name. You see what we find; you decide if there's a conversation to have.
"How much does a full assessment cost?"
CyberAudyt is a fixed $900 net - regardless of how many online services or subdomains you run, or how complex your infrastructure is. No hourly billing. A Pentest, for regulated entities or when a corporate client demands one, is $4,900 net. The PreScan is free, and that's where everyone starts.
"How fast do I actually get results?"
PreScan within 24 hours. A full CyberAudyt report - in plain English - within 5 business days of order, not the 2-4 weeks a classic pen test takes. Fixed timeline, fixed price.

Takes 5 minutes. Results in 24 hours.

Know what attackers already know about you.

Send us your domain. We'll run a free PreScan and tell you exactly what we - and they - can see.

Get my free PreScan - it's free, really

No credit card. No access to your systems. No sales call unless you want one.

Sources

  1. HIPAA Civil Monetary Penalties — HHS OCR enforcement tiers and penalty caps (hhs.gov)
  2. HIPAA Breach Notification Rule — 60-day HHS notification requirement (hhs.gov)
  3. IBM Cost of a Data Breach Report 2024 (ibm.com/reports/data-breach)
  4. Verizon Data Breach Investigations Report 2024 (verizon.com/dbir)