
Cyber risk management health check

With the cyber threat landscape continually shifting and attacks becoming more sophisticated, it’s becoming harder to identify the most pressing risks and take decisive action to mitigate them.

Ensuring you have an effective way of managing your cyber risk and resilience that is understood and endorsed by senior leadership is critical to success. Use our quick and easy online health check to see if you are managing your cyber risk effectively within your organisation.

1. A. Your cyber goals
2. B. Your cyber operating model and delivery
3. C. Your governance and oversight of cyber risk
4. See your results

A. Your cyber goals

  1. You understand the critical business services that create value for your organisation, and you have identified/defined the critical processes, data and technology (applications and cloud/infrastructure assets) that underpin them. 

    Response scale: Strongly disagree to Strongly agree, or N/A
  2. Your cyber risk appetite is defined in specific, objective and measurable terms. For example, you have defined the levels of financial, operational, reputational and compliance-related impact that you’re prepared to tolerate. 

  3. Your enterprise-level cyber risks are defined in business-outcome terms, and you have a sensible number of cyber risks that are reported on. (Hint: one is too few to distinguish between the different outcomes possible from a cyber-attack; more than 10 is too many to digest and manage at the executive level.)

  4. You have clearly defined target risk positions for each of your cyber risks that are understood and endorsed by your senior leadership team (your executive team and Board).

  5. You have a clearly defined and funded cyber strategy and roadmap that sets out the major control remediation initiatives required to achieve your target risk positions, as well as how and when you will deliver them.

  6. Your cyber strategy is explicitly linked to and incorporated within your organisation’s business strategy. 
