Cyber Security in your Organisation

1. How frequently does your organisation conduct cybersecurity training for all staff?
- Once a year
- Twice a year
- Quarterly
- We do not conduct cybersecurity training
- None of the above

2. Does your organisation have a defined process to identify and mitigate cyber threats?
- Yes, we regularly identify and mitigate cyber threats
- We have a process but it's not consistently followed
- No, we do not have a defined process
- Unsure

3. Does your organisation have a disaster recovery plan in case of a major cybersecurity breach?
- Yes, we have a comprehensive disaster recovery plan
- We have a basic plan but it has not been tested
- No, we do not have a disaster recovery plan
- Unsure

4. How frequently does your organisation update and patch its systems?
- Monthly
- Quarterly
- Once a year
- Rarely or Never

5. Does your organisation have a dedicated cybersecurity team or cybersecurity service provider?
- Yes, we have a dedicated in-house team
- We have a third-party service provider
- No, we do not have a dedicated team or service provider
- Unsure

6. Is your organization aware of and compliant with the relevant industry cybersecurity standards and regulations?
- ISO/IEC 27001: Information Security Management
- NIST Cybersecurity Framework
- PCI DSS (Payment Card Industry Data Security Standard)
- GDPR (General Data Protection Regulation) for organisations operating in the EU
- No, we are not aware of these standards
- Unsure
- Other

7. How often does your organisation perform vulnerability assessments and penetration testing?
- Regularly (every 3 months or less)
- Occasionally (once or twice a year)
- Rarely (once every couple of years)
- Never

8. Does your organization have a designated Chief Information Security Officer (CISO) or equivalent role?
- Yes, we have a full-time, in-house CISO
- We have a part-time or outsourced CISO
- No, we do not have a designated CISO
- Unsure

9. Do you have a policy in place for managing third-party risks related to cybersecurity?
- Yes, we have a comprehensive third-party risk management policy
- We have a basic policy but it's not consistently enforced
- No, we do not have a third-party risk management policy
- Unsure

10. How does your organisation manage user access controls and permissions?
- We follow the principle of least privilege (PoLP) and regularly review and update access controls
- We have set access controls but they are not regularly reviewed or updated
- Access controls are loosely managed or not managed at all
- Unsure