Support

External security monitoring is continuous scanning of publicly exposed systems, domains and email configurations to identify vulnerabilities before attackers exploit them.

You will receive a confirmation email with a payment link. Once payment is complete you can activate your account, configure your domain, and upload your employee list. Your first scan will be scheduled automatically.

No. Simulated phishing emails are completely harmless. No malware is delivered and no real credentials are captured. Employees who click are shown an awareness landing page explaining the test.

We store contact details, domain configuration, and scan results. All data is handled in accordance with GDPR and our Privacy Policy. Scan results are retained for 12 months. You may request deletion at any time.

You can cancel at any time by contacting us at exposureindex@evolvecybersec.se. Your access will continue until the end of your current billing period and you will not be charged again.

Our platform and operations are aligned with ISO 27001, GDPR, NIS2, SOC 2, and NIST SP 800-53. The reports we generate can be used as evidence in compliance audits and risk assessments.

European initiatives such as NIS2 compliance assessments and tools provided by ENISA — including SME cybersecurity maturity assessments — primarily focus on governance, policies, and organisational cybersecurity processes. ExposureIndex analyses what attackers can see and potentially exploit from the outside. Many organisations use ExposureIndex alongside NIS2 compliance efforts to ensure that internal security controls translate into measurable, externally visible protection.