Where does your organisation actually stand?

Most organisations believe they have credential security under control. Most are at Level 2 — aware of the risk, with tools that verify credentials they don’t control. Six questions will show you where you sit, what it costs you, and the exact path to Level 5.
Book a briefing →
0
Of breaches start with a stolen credential
0
Average total cost of a credential-based breach
0
Sectors where MyCena is operationally deployed
0
To full deployment — no infrastructure changes
The credential governance ladder

Five levels of control. One structural gap behind every breach.

Every organisation sits at one of five levels. The difference between them is not policy or awareness. It is architecture: does your organisation control the credential, or does the employee? The answer to that question is the answer to every breach headline you have read in the last decade.

5
Credential Control Achieved
The MyCena state — full structural governance
“Every credential across every system — human users, contractors, third parties, AI agents — is generated by us, distributed encrypted, injected invisibly, and revocable in one command.”
The evidence: Real-time audit trail. Auto-generated compliance reports. Zero helpdesk resets. A risk register with a line through credential-based breach. 25–40% cyber insurance premium reduction warranted.
← Your position
Score range
23–24 / 24
MyCena Governance package. All 6 domains at Score 4. Automated compliance reporting. GRC API included.
4
Structurally Controlled
Architectural credential control for the full workforce
“We’ve deployed MyCena for the full workforce and third-party access. Our highest-risk doors are governed. We can revoke any credential in seconds.”
The evidence: The attack pattern that caused Colonial, SolarWinds, and Scattered Spider is no longer available against our environment. 10–20% insurance premium reduction warranted.
← Your position
Score range
19–22 / 24
MyCena Resilience package. Phishing and sharing attacks no longer viable. One or two domains not yet at maximum.
3
Technically Enforced
Controls in place — but the architectural gap remains for most users
“We have MFA, SSO, and PAM for privileged users. But the general workforce credential still exists in human hands. We still ask employees to create and manage their own passwords.”
The reality: Every tool in the stack verifies the credential. None of them controls it for the standard workforce. Third-party access remains policy-governed. Regulatory minimum is met, but phishing and sharing attacks remain viable for standard users.
← Your position
Score range
13–18 / 24
No insurance reduction. Regulatory minimum met. Standard user credential remains phishable and shareable.
2
Policy-Based
The most dangerous position — the illusion of control
“We know the risk. We have MFA, SSO, and a zero trust framework. But we still ask users to create and manage their own credentials.”
The danger: The illusion of control is more dangerous than acknowledged exposure. Every tool you have verifies the credential. None of them controls it. This is the market average position. 30%+ annual breach probability. No insurance premium reduction warranted.
← Your position
Score range
7–12 / 24
Standard premium — no reduction. MFA deployed but sharing is still possible. Credential remains visible and transferable. Market average.
1
Unmanaged
Exposure without visibility
“We have thousands of employees, contractors, and vendors accessing our systems with credentials we didn’t create, can’t see, and can’t instantly revoke.”
The evidence: Every major breach of the last decade. Colonial. SolarWinds. M&S. Jaguar. Kaseya. Scattered Spider. The cost is named, quantified, and sitting on the board’s agenda whether the CISO puts it there or not. Significant insurance loading — some underwriters declining.
← Your position
Score range
0–6 / 24
Significant insurance loading. Some underwriters declining at this level. Personal liability active under NIS2 and FCA SMCR for informed directors.
90-second self-assessment

Not sure which level you’re at? Six questions will tell you.

Answer one question per domain. See your level, your gap, your insurance position, and the exact path to Level 5. Your results highlight your position on the ladder above.

Take the assessment →
Credential governance assessment

Six domains. One score. Your position on the ladder.

Select the option that most accurately describes your organisation today for each domain. Results update live. When all six are answered, your position is highlighted on the ladder above.

D1 Credential generation — who creates the credentials your employees use?
D2 Credential visibility — can users see and share their credentials?
D3 Revocation speed — how fast can access be terminated?
D4 Audit trail — is every access event logged and available on demand?
D5 Third-party access — do you control vendor and contractor credentials?
D6 Compliance evidence — continuous and automatic, or manual preparation?
Answer all 6 domains to see your ladder position
↑ See your position highlighted on the ladder
Total score
out of 24
Maturity level
Weakest domain
Highest priority gap
Domain D1 D2 D3 D4 D5 D6
Generation · Visibility · Revocation · Audit · Third-party · Compliance
Gap analysis — your path to Level 5
Domain Now Target What changes
Your path — MyCena packages
Step 1
Unphishability
£500 / user / year
Reaches Level 4
Closes D1, D2, D3 to Score 4 · Eliminates phishing, sharing, and credential theft across all employees
Step 2
Resilience
£800 / user / year
Reaches Level 4–5
Closes D1–D5 to Score 4 · Adds third-party credential governance · Full audit trail on demand
Step 3
Governance
£1,000 / user / year
Reaches Level 5
Closes all 6 domains to Score 4 · Automated compliance reporting · GRC API integration · Level 5 achieved
Credential governance assessment — copy into your board pack or insurance renewal
Ready to close the gap?
Book a 45-minute assessment. We will walk through your domain gaps one by one.
Book a briefing →
MyCena
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.