Get Your 2-Minute Cyber Risk Score — No Sign-Up Required!

Answer these questions to see both your overall security posture and domain-specific strengths/weaknesses.

Select Your Industry (optional):

1. Do you have formal cybersecurity policies that are reviewed annually?
   Yes, comprehensive & up-to-date
   Some policies, not regularly reviewed
   No written policies
2. Are employees required to complete annual security awareness training?
   Yes, mandatory for all staff
   Training provided but not enforced
   No formal training
3. How frequently do you run vulnerability scans on your network?
   Monthly or more often
   Once or twice a year
   We do not run vulnerability scans
4. Do you have a process for patching critical vulnerabilities within 30 days?
   Yes, we adhere to a strict patch SLA
   We patch occasionally but no strict timeline
   We rarely or never patch promptly
5. Are third-party software and devices evaluated for security risks?
   Yes, we have a vendor risk process
   Some checks, but not consistent
   We trust vendors without thorough checks
6. Do you conduct penetration tests at least annually?
   Yes, external + internal tests yearly
   Occasional or ad-hoc tests only
   Never performed a pen test
7. Do you have an Incident Response (IR) plan that’s tested regularly?
   Yes, documented + tested plan
   We have a plan, but rarely test it
   No formal IR plan
8. Does your organization use multi-factor authentication (MFA) for critical systems?
   Yes, MFA is required for all critical accounts
   MFA is partially implemented
   No MFA in place
9. Are backups performed regularly and stored offsite or in the cloud?
   Yes, automated & tested backups
   We back up but rarely test restores
   No regular backups/offsite copies
10. Have you mapped and classified sensitive data to ensure compliance (PCI, HIPAA, GDPR)?
    Yes, classification is thorough
    Partial data classification
    Not really or unsure

Interested in a detailed assessment or consultation?