How often do you provide staff awareness training on cyber security? *

Annually

Quarterly

Monthly

Not provided

Staff Awareness Training Frequency

Is MFA used for the following? (Select all that apply) *

Email accounts

Remote access to the network

Admin or privilege service accounts

Cloud resources, including backups

MFA is not used

Multi-Factor Authentication (MFA) Protections

How often do you back up your critical data? *

Daily

Weekly

Monthly

Rarely or never

Backup Frequency

Where are your backups stored, and how are they protected? *

On-site, not encrypted, no MFA

On-site, encrypted, no MFA

Cloud-based, encrypted, with MFA

Offsite, in a secondary data centre, encrypted, with MFA

Offline (air-gapped), immutable backups, encrypted, with MFA

Backup Storage and Security

Are your critical backups isolated from your primary network (e.g., offline or air-gapped)? *

Yes, fully offline and air-gapped

Partially isolated

No isolation

Backup Isolation

Do you have a documented incident response plan that includes cyber incidents? *

Yes, tested annually

Yes, but not regularly tested

No documented plan

Incident Response Plan

What type of endpoint protection do you use? *

Standard antivirus software

Advanced endpoint detection and response (EDR) solution

EDR with regular threat hunting and monitoring

No protection

Endpoint Protection

Is your network continuously monitored for potential security threats? *

Yes, 24/7 monitoring

Monitored during business hours only

No monitoring

Network Security Monitoring

How frequently do you apply security patches to your software and systems? *

Immediately upon release

Monthly

Quarterly

Rarely or never

Patch Management

Do you encrypt sensitive data both at rest and in transit? *

Yes, all sensitive data is encrypted

Some data is encrypted

No encryption

Data Encryption

NEXT