Contact Information
First Name
*
Last Name
*
Email
*
Phone
*
Organization
City
State
1. Does your organization require multi-factor authentication (MFA) for email and critical systems?
Yes, everywhere
Some systems
Only Administrators
No / Not sure
2. How are passwords managed across your organization?
*
Company password manager with unique passwords
Employees manage their own passwords
Mostly reused passwords / browser saved
Not sure
3. If ransomware hit today, could your company recover its data?
No reliable backups
Backups exist but are rarely checked
Backups exist but recovery is uncertain
Backups tested occasionally
Backups tested regularly with documented recovery plans
How is sensitive business data protected?
No formal data protection controls
Limited controls or ad-hoc protections
Strong access controls and encryption used
Comprehensive data protection and monitoring
Are your systems monitored for suspicious activity or cyber threats?
No monitoring
Basic antivirus only
Security tools exist but not actively monitored
Active monitoring of endpoints and systems
Advanced monitoring with threat detection and response
6. How often do employees receive cybersecurity awareness training?
Never
Rarely
Once per year
Multiple times per year
Ongoing training and simulated phishing programs
7. Does your organization have a documented cyber incident response plan?
No plan
Informal process
Basic written plan
Documented plan reviewed periodically
Plan regularly tested and updated
8. How does your company evaluate the cybersecurity practices of vendors or partners?
No vendor security evaluation
Limited awareness of vendor risks
Occasional vendor security review
Standard vendor evaluation process
Formal vendor risk management program
9. Are employees currently using AI tools (ChatGPT, Copilot, etc.)?
Yes without any oversight
Some employees experimenting informally
Limited approved use cases
AI tools used with internal guidelines
AI adoption guided by formal strategy and policies
10. How much of your business currently uses automation to reduce manual work?
No automation used
Very limited automation (a few tools)
Some workflows automated
Multiple processes automated
Automation integrated across departments
11. How are repetitive tasks (data entry, reporting, follow-ups) handled in your organization?
Mostly manual processes
Some templates or scripts used
Limited automation tools used
Several workflows automated
Fully automated workflows where possible
12. Does your organization actively evaluate opportunities to automate processes?
No focus on automation
Occasional discussion but no action
Some automation initiatives
Regular evaluation of automation opportunities
Automation strategy is part of leadership planning
13. Does your company have policies governing AI usage and protecting sensitive data?
No policy and no guidance
Employees decide individually
Informal guidelines exist
Documented AI usage guidelines
Comprehensive AI governance and security policies
14. Who is responsible for evaluating or guiding AI adoption in your organization?
No one
Informal interest but no leadership
Shared responsibility among leadership
Designated internal lead
Dedicated strategic leadership or advisor
15. When was the last time your company reviewed its cybersecurity strategy?
Never
Over 3 years ago
Within the last 2–3 years
Within the last year
Ongoing security strategy reviews
16. How confident are you that your business could withstand a cyberattack?
Not confident at all
Significant concerns
Somewhat confident
Mostly confident
Very confident with strong protections
