Pricing
Know the price before you order.
No hidden costs.
Every package is a fixed price - no "contact us for a quote", no hourly rates, no sales call just to learn the number. Most security firms hide their prices behind "call for an offer." We show ours here.
See the pricingPreScan
The diagnostic - where everyone starts
- Passive external scan - no access to your systems
- Inventory of the attack surface visible from the internet
- Leaked-credential check for your domain
- Email posture: presence of SPF, DKIM, DMARC
- Top 3-5 findings - "what an attacker would target first"
- Delivery time
- 24 hours
- Re-scan
- -
- Debrief call
- -
CyberAudyt
Full external assessment - for most firms
- Everything in PreScan, deepened and manually verified
- Port and service scan from external IP addresses
- SPF, DKIM, DMARC record verification with recommendations
- Prioritised vulnerability list (critical / high / medium / low) with CVSS
- Plain-language report - written for the owner, not the IT person
- Vertical section (practice system / ERP / booking) matched to your segment
- Delivery time
- 5 business days
- Re-scan
- Paid - 50% of price
- Debrief call
- 30 minutes
Pentest
For regulated entities or on client demand
- Everything in CyberAudyt as the starting point
- Active penetration testing of priority findings
- Optional internal-network testing scope (separate scope letter)
- Attack-chain narrative with proof-of-concept evidence
- Executive summary for a corporate client, regulator or insurer
- Delivery time
- 9-14 business days
- Re-scan
- Included (once)
- Debrief call
- 90 minutes
Prices are final - no VAT added, no hidden costs. The amount you see is the amount on the invoice. We bill in USD for US and international clients; EUR for EU companies on request; PLN for Poland-registered entities.
Guarantee: if CyberAudyt doesn't surface at least 3 actionable findings, you pay nothing.
Honest boundaries
What the price does not include
Clear boundaries mean fewer misunderstandings. Here is what is not in the price - and what to do about it.
Internal (behind-the-firewall) testing
CyberAudyt is an external assessment. Testing from inside the network is available as part of a Pentest, after the scope is described and authorised.
Authenticated web-application testing
We assess the publicly reachable application layer. Full testing behind a login (roles, permissions, business logic) is a separate, quoted service.
Continuous monitoring (SOC-as-a-service)
We do not run 24/7 monitoring or incident response. If you need that, we will refer you to partners we trust.
Implementing the fixes for you
The report tells you exactly what to fix and in what order, and on the call we help you prioritise with your IT provider. We do not make the changes inside your systems.
Pricing for your industry
What a typical firm in your segment pays
Pricing & billing questions
Frequently asked about pricing
- Why a fixed price instead of a quote?
- Hourly billing rewards firms that stretch a project out. A fixed price rewards efficiency. You know up front what you pay and what you get - no sales call to learn the number, no negotiation, no surprise at the end.
- What if our company is bigger or smaller?
- CyberAudyt is a fixed price regardless of the number of workstations, subdomains or locations. If the scope genuinely needs more (e.g. several independent web applications), we tell you before signing, not after.
- Are there hidden costs?
- No. The price on this page is the price you pay. We add no "extended scope" fees and no after-the-fact hours. The only optional extra is a re-scan after fixes - 50% of the CyberAudyt price.
- How does payment work - invoice, terms?
- We issue an invoice after delivery, paid by bank transfer. Usually a single payment per engagement; for a Pentest we can split it into stages. We agree the details before we start - no surprises.
- Will I get an invoice?
- Yes. Every engagement ends with an invoice from VIVO Finanse sp. z o.o. (operating as CyberCerber), based in Wrocław, Poland.
- Can I pay in instalments?
- CyberAudyt is a single payment. For a Pentest, given the longer timeline, we can split payment into stages (e.g. kickoff and report delivery). Get in touch and we will arrange a model that works.
- Is there a discount for multiple locations?
- The CyberAudyt price is fixed per company, not per location. For several separate entities or domains we prepare a combined package quote - usually better value than the sum of individual audits.
- Is the service available in EUR for EU companies?
- Yes. We bill in USD by default for US and international clients. EUR billing is available for EU companies on request. PLN billing for Poland-registered entities. Get in touch to confirm currency and terms.
First, see whether there's anything to worry about
The free PreScan shows what an attacker sees - in 24 hours, with no commitment. Only then do you decide on a full assessment.