Abstract: Automated and continuous cybersecurity assessment with measurement and scoring. In an embodiment, a cyber-hygiene score is calculated based on data representing asserted cybersecurity controls within an entity system. The cyber-hygiene score indicates an extent of implementation of cybersecurity controls associated with a cybersecurity standard. In addition, automated cybersecurity test(s) are performed on the entity system, and a cyber-breach score is calculated based on the test scores calculated from the automated cybersecurity test(s). The cyber-breach score indicates an effectiveness of the implemented cybersecurity controls. The automated cybersecurity test(s) may comprise an inside-out controls test, and outside-in controls test, and/or a social-engineering test (e.g., phishing simulation). A cybersecurity assessment is generated based on the cyber-hygiene score and the cyber-breach score.