CyberTwin
Pricing

Pick a plan. Every price published.

Assess decides, Operate runs the work, Program proves it — and Enterprise is Program on your own infrastructure. Monthly or annual on Assess and Operate, cancel anytime; Program is annual only.

Decide · Do · Prove — four plans
  • (01)
    Assess
    DECIDE
    $4,800/yr
  • (02)
    Operate
    DO
    $14,400/yr
  • (03)
    ProgramMost popular
    $36,000/yr
  • (04)
    Enterprise
    Program, on your infrastructure
    Custom · from $72K/yr
Compare every line

Not sure which tier fits?

(01)DECIDE · DO · PROVE

Match the plan to the job.

ASSESS · DECIDE
$4,800/yr
$499/month, cancel anytime

For the founder staring down a first audit, a board question, or a customer questionnaire.

  • · Design a new stack — Lean, Balanced, Advanced, priced
  • · Review the architecture you already run
  • · Compliance scoring across all 24 frameworks
  • · Board-ready PDF + risk register
  • · Breach Replay — type a CVE ID, see if it reaches you
  • · 1 configuration review a year
OPERATE · DO
$14,400/yr
$1,499/month, cancel anytime

For the in-house team that owns security week to week.

  • Everything in Assess, plus:
  • · Configuration Review — 3 a year, rule by rule
  • · Single-vendor attack paths
  • · Report shares for your CFO, board, auditor, broker
  • · Insurance questionnaire pre-fill
  • · Underinsurance gap analysis
  • · Identity-export ingestion (Okta / Entra)
  • · Evidence ledger (read-only view)
  • · Re-run the assessment whenever your environment changes
PROGRAM · PROVE · MOST POPULAR
$36,000/yr
Annual only — no monthly option

For the security program that has to prove its posture all year, not assert it.

  • Everything in Operate, plus:
  • · Configuration Review — unlimited, all 37 vendors, 1917 checks
  • · Multi-vendor attack paths to your crown jewels
  • · Proof over time — the evidence ledger, hash-chained and dated
  • · NHI Blast Radius · Vendor Breach Simulator · Agent-Reachability Gate
  • · Year-in-review report

The jump from Operate buys proof over time: a tamper-evident, dated evidence ledger, a proven-regression trail, and the year-in-review — the difference between asserting your posture to an auditor and handing them a bundle they can re-verify themselves. Your CISO judgment still owns the board meeting; the engine does the analysis underneath.

ENTERPRISE · CUSTOM
Custom · from $72K/yr
Typically $72–150K/year

For organizations that need the engine on their own infrastructure, under their own brand.

  • Everything in Program, plus:
  • · Single-tenant, on your infrastructure
  • · White-label PDFs under your brand
  • · Named CSM with quarterly review
  • · Custom SLA, MSA, and DPA

We'll handle MSA, DPA, and PO.

These are CyberTwin's subscription prices — a flat fee, published in full. They're separate from the tool-cost estimates inside your reports, which price the recommended security tools (sourced from vendor pages and Vendr benchmarks). We never blur the two.

Comparing us to consultants or platforms? →

(02)LINE BY LINE

The full plan comparison.

Grouped the way buyers think, in plain English. Every plan scores all 24 frameworks.

Feature
Assess
$499/mo or $4,800/yr
Decide · cancel anytime
Operate
$1,499/mo or $14,400/yr
Do · cancel anytime
Program
$36,000/yr · annual only
Prove · Most Popular
Enterprise
Custom · from $72K/yr
Custom contract
Decide your architecture
Recommended stack of security tools
Three priced options (lean, balanced, advanced) for each recommendation
Compliance posture across all 24 frameworks
Review of your current architecture — gaps and upgrades
Step-by-step setup guide for every tool you choose
Board-ready PDF + risk register
Upload audit reports and security docs — we surface contradictions
Read network diagrams and extract topology
Compare scenarios side-by-side
Assessment refreshes3 / yearUnlimitedUnlimitedUnlimited
Monthly engine refresh + end-of-month digest email
Audit your tool configurations
Configuration Reviews per year13UnlimitedUnlimited
Vendors coveredAny 1 per reviewAny 1 per reviewAll 37All 37
Rule-by-rule security and compliance audit
What's misconfigured and how to fix it (per-finding remediation)
Rules Excel export
See how attackers would break in
Attack-path mapping from your architectureIn your reviewSingle-vendorMulti-vendorMulti-vendor
Specific attacker technique named for each weakness
Threat-group attribution
Cross-vendor attack chains, stitched to your crown jewels
Prove it over time
Re-upload an export to re-prove your posture
Evidence ledger — read-only view of your signed entries
Evidence ledger — tamper-evident proof trail
Proven-regression trail (a closed gap that reopens)
Audit readiness — show-me vs trust-me per control
Proven-closure copilot (a fix is closed only when re-proven)
Reports you can send to people
Compliance-only report for your auditor
All compliance playbooks as Word documents
Pack for your board (risk-quantified)
Pack for your auditor (control evidence + framework mapping)
Pack for your insurance broker (questionnaire pre-filled)
Attack-path simulation report
Incident retrospective template
Each setup step tagged with which compliance controls it satisfies
Year-in-review report (60 days before your renewal)
OSCAL export — machine-readable control evidence for GRC tools (NIST OSCAL: SAR, POA&M, profile, catalog)
Share reports with stakeholders
For regulated and partner-firm use
Your firm's logo on every PDF (white-label)
Map your custom internal control sets
Your own single-tenant instance
Support
How to reach usEmailEmailEmail + ChatEmail + Chat + Phone
Reply within2 business days2 business days1 business day4 hrs critical / 24 hrs standard
Service-level agreement (with contractual penalties)
Named success manager
Quarterly business review
Billing
Monthly billing (cancel anytime)Custom
Annual billing✓ (~20% off)✓ (~20% off)✓ (annual-only)Standard
Minimum commitment1 month1 month1 yearPer quote
(03)ROI CALCULATOR · POWERED BY THE ACTUAL ENGINE

See your year-one ROI.

Five inputs. Live calculation. Same engine math your real assessment uses — calibrated against IBM 2025, Verizon, Sophos, and Coalition breach data.

Expected loss without changes
Source: IBM Cost of a Data Breach 2025 + Verizon DBIR 2024 + Sophos 2024 + Coalition Cyber Claims 2024
Expected loss with CyberTwin Operate · $14,400/yr
Source: Engine effectiveness curve calibrated against Balanced reference (posture 78)
Expected loss with CyberTwin Program · $36,000/yr
Source: Engine effectiveness curve calibrated against Advanced reference (posture 91)

Calculations are deterministic — the same engine that produces your real assessment. Numbers are illustrative based on declared inputs; your actual environment may produce different results.

(04)PRICING FAQ

Asked before buying.

Assess at $499/month or $4,800/year. One environment, the decision engine output — architecture design, current-state review, 24-framework compliance scoring, scenario comparison, and the board-ready PDF. No free tier today; the engine output requires actual customer + environment data to be useful.
Operate audits one of your security tools' configuration deeply per review, three reviews a year (you upload the config export), and includes the auditor pack, the insurance broker questionnaire pre-fill, and attack-path reporting. Program runs unlimited reviews across all 37 supported tools — you upload the configs, we run every vendor-specific check — plus cross-vendor attack-path chains stitched to your crown jewels, the evidence ledger, and the year-in-review report. If you've got one critical system to scrutinize, Operate fits. If you're running a full program, Program is the fit.
Assess and Operate monthly billing cancels at the next billing cycle. Annual billing runs to term.
No refunds on paid tiers, but you can cancel before any future charge. After cancellation, your account is read-only for 90 days so you can export your data; we retain the data for another 90 days for re-activation; deleted permanently after 180 days.
You keep your data. You lose access to features the lower tier doesn't include. Your existing PDFs remain downloadable for 90 days. You can re-upgrade anytime.
Credit card via Stripe (Visa, Mastercard, Amex). ACH for annual purchases over $10,000 — email billing@cybertwin.io to set up. Wire transfer for multi-year contracts. No invoicing on monthly plans.
No free trial — card is required at signup. The sample report at /sample-report is the evaluation path: download it, see exactly what the engine produces, then decide. Assess is the paid entry tier ($4,800/yr or $499/mo).
Monthly billing is charged every 30 days. Annual is one upfront payment and saves the real dollar gap per tier — $1,188/yr on Assess, $3,588/yr on Operate (about 20% off the monthly run-rate). Program is annual-only. Both options support the same feature set on the chosen tier.
Upgrade anytime — proration is applied automatically. Downgrade takes effect at the end of your current billing cycle. No upgrade penalties, no downgrade penalties.
Yes. 10% off year 2 of an annual subscription. 20% off year 3. Three-year prepay available — email billing@cybertwin.io. The discount applies to the published list price; we don't negotiate beyond what's published.
30% off any tier for: registered 501(c)(3) nonprofits, accredited education institutions, pre-seed and seed-stage startups (under $5M raised). Email hello@cybertwin.io with proof before signup. Discount applies for as long as you remain eligible.
When you need any of: white-label PDFs (custom logo + cover branding), single-tenant deployment, multi-entity grouping (parent + subsidiaries under one contract), a dedicated success manager, SLA-backed response time with contractual penalties, custom framework mapping, or custom integrations. Email enterprise@cybertwin.io or use the contact form — pricing typically lands in the $72–150K/yr range depending on scope.

More on product, data, or compliance? Search the full FAQ →

READY TO START

Start small. Upgrade when it earns it.

Your reports are PDFs. They're yours — they work after you cancel.

Pricing — CyberTwin