CyberGrape
    CyberGrape
    Insights
    Risk Management

    Stop managing risk in spreadsheets.

    A live risk register, heat map and treatment tracker built into your CyberGrape Platform. Every risk owned, tracked and connected to the SMB1001 controls that address it: so treating a risk always moves your certification forward at the same time.

    Risk management should drive decisions, not document them.

    Most SMB risk management lives in a spreadsheet that is updated once a year, shared to a folder nobody opens, and presented to the board with a three-month lag. It records risks after the fact rather than helping anyone make better decisions before them.

    The CyberGrape risk module is designed differently. Risks are live, owned by real people, connected to treatment actions with due dates, and linked directly to the security controls they affect. When a risk is treated, the platform registers the progress. When a new vulnerability is discovered, it surfaces as a risk automatically.

    The result is a risk register your board can trust and your auditor can rely on: not one you recreate the week before a review.

    Risk register: live view
    app.cybergrape.io/risk/register
    Total Risks
    18
    Critical / High
    5
    Overdue Actions
    2
    Avg Risk Score
    6.4
    Risk
    Likelihood
    Impact
    Rating
    Owner
    Status
    Ransomware via vendor accessHighCriticalCriticalIT LeadTreating
    Phishing: finance teamHighHighHighHRTreating
    Unpatched endpointsMediumHighHighIT LeadOpen
    SaaS data residency breachLowHighMediumLegalAccepted
    Staff password reuseMediumMediumMediumIT LeadTreating
    Business continuity gapLowMediumLowCEOOpen

    What the risk module includes.

    Risk register

    A structured log of every identified risk: likelihood, impact, owner, treatment, and current status. Built in the platform, not a spreadsheet that lives on someone's desktop and goes out of date.

    Risk heat map

    Your entire risk landscape plotted by likelihood and impact. See at a glance which risks need immediate treatment and which are within your accepted tolerance. Updated automatically as risks are treated and new ones are identified.

    Risk ratings and scoring

    Each risk scored consistently using a structured methodology. No more guessing whether a 'high' risk in one part of the business is comparable to a 'high' in another. Consistent ratings across the whole register.

    Treatment tracking

    Every risk treatment plan tracked to completion. Assign an owner, set a due date, and the platform monitors progress. When a treatment is overdue, it surfaces to the right people: not buried in a spreadsheet no one checks.

    Risk assessment reports

    Structured risk assessment output ready for your board, your insurer, or your auditor. Generated from the live register, not assembled manually. Always current, always consistent.

    SMB1001 risk control mapping

    Every risk in your register mapped to the SMB1001 controls that address it. Treat the risk, close the control gap. The platform connects the two so your security investment always moves both forward.

    Also in the platform

    Compliance Frameworks

    SMB1001, ISO 27001 and NZISM: managed in one place.

    Policy Management

    Policies that work as evidence, not just documents.

    Executive Reporting

    AI-generated reports from your live platform data.

    A risk register your board will actually trust.

    Get started with the CyberGrape Platform and have your first risk assessment running today.

    Platform overview