Where does your organisation actually stand?

Most organisations believe they have credential security under control. Most are at Level 2 — aware of the risk, with tools that verify credentials they don’t control. Six questions will show you where you sit, what it costs you, and the exact path to Level 5.
Book a briefing →
0
Of breaches start with a stolen credential
0
Average total cost of a credential-based breach
0
Sectors where MyCena is operationally deployed
0
To full deployment — no infrastructure changes
The credential governance ladder

Five levels of control. One structural gap behind every breach.

Every organisation sits at one of five levels. The difference between them is not policy or awareness. It is architecture: does your organisation control the credential, or does the employee? The answer to that question is the answer to every breach headline you have read in the last decade.

5
Credential Control Achieved
The MyCena state — full structural governance
“Every credential across every system — human users, contractors, third parties, AI agents — is generated by us, distributed encrypted, injected invisibly, and revocable in one command.”
The evidence: Real-time audit trail. Auto-generated compliance reports. Zero helpdesk resets. A risk register with a line through credential-based breach. 25–40% cyber insurance premium reduction warranted.
← Your position
Score range
23–24 / 24
MyCena Governance package. All 6 domains at Score 4. Automated compliance reporting. GRC API included.
4
Structurally Controlled
Architectural credential control for the full workforce
“We’ve deployed MyCena for the full workforce and third-party access. Our highest-risk doors are governed. We can revoke any credential in seconds.”
The evidence: The attack pattern that caused Colonial, SolarWinds, and Scattered Spider is no longer available against our environment. 10–20% insurance premium reduction warranted.
← Your position
Score range
19–22 / 24
MyCena Resilience package. Phishing and sharing attacks no longer viable. One or two domains not yet at maximum.
3
Technically Enforced
Controls in place — but the architectural gap remains for most users
“We have MFA, SSO, and PAM for privileged users. But the general workforce credential still exists in human hands. We still ask employees to create and manage their own passwords.”
The reality: Every tool in the stack verifies the credential. None of them controls it for the standard workforce. Third-party access remains policy-governed. Regulatory minimum is met, but phishing and sharing attacks remain viable for standard users.
← Your position
Score range
13–18 / 24
No insurance reduction. Regulatory minimum met. Standard user credential remains phishable and shareable.
2
Policy-Based
The most dangerous position — the illusion of control
“We know the risk. We have MFA, SSO, and a zero trust framework. But we still ask users to create and manage their own credentials.”
The danger: The illusion of control is more dangerous than acknowledged exposure. Every tool you have verifies the credential. None of them controls it. This is the market average position. 30%+ annual breach probability. No insurance premium reduction warranted.
← Your position
Score range
7–12 / 24
Standard premium — no reduction. MFA deployed but sharing is still possible. Credential remains visible and transferable. Market average.
1
Unmanaged
Exposure without visibility
“We have thousands of employees, contractors, and vendors accessing our systems with credentials we didn’t create, can’t see, and can’t instantly revoke.”
The evidence: Every major breach of the last decade. Colonial. SolarWinds. M&S. Jaguar. Kaseya. Scattered Spider. The cost is named, quantified, and sitting on the board’s agenda whether the CISO puts it there or not. Significant insurance loading — some underwriters declining.
← Your position
Score range
0–6 / 24
Significant insurance loading. Some underwriters declining at this level. Personal liability active under NIS2 and FCA SMCR for informed directors.
Ready to close the gap?
Book a 45-minute assessment. We will walk through your domain gaps one by one.
Book a briefing →
MyCena
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.