check

Cybersecurity doesn't have to be complicated, but it does have to be intentional.

This assessment will help you quickly identify your organization’s strengths and blind spots across three key areas: People, Processes, and Technology.

Each question is designed to spark awareness and guide you toward simple, actionable next steps.

Goal: By the end of the assessment, you’ll know where you’re strong, where you’re vulnerable, and how to build a more cyber-ready culture.

When you're ready, click the START button below.

Start

Section 1: People - Your First Line of Defense

Your employees are your greatest asset and your greatest risk. 
The following questions measure how consistently your team follows everyday cybersecurity habits.

Question 2 of 28

Do all employees receive cybersecurity awareness training at least once per year?

A

Yes

B

No

C

Not sure

Question 3 of 28

Do new hires complete a security onboarding module within their first 30 days?

A

Yes

B

No

C

Not Sure

Question 4 of 28

Are phishing simulations or awareness campaigns conducted at least quarterly via emails or other channels?

A

Yes

B

No

C

Not sure

Question 5 of 28

How confident are you in your employees’ ability to identify and report suspicious emails or messages?

A

Very confident

B

Somewhat confident

C

Not confident at all

Question 6 of 28

How confident are you that your employees use strong, unique passwords and multi-factor authentication?

A

Very Confident

B

Somewhat confident

C

Not confident at all

Question 7 of 28

How often are cybersecurity topics discussed in regular team meetings and company communications?

(Select all that apply)
A

Weekly

B

Bi-Weekly

C

Monthly

D

Quarterly

E

Semi-Annually

F

Annually

G

Never

Question 8 of 28

How would you describe your company's culture around cybersecurity awareness?

Consider things like: Do you reinforce expectations via emails or other channels (e.g., email signature reminders, leader messages, celebrating security wins)? Are employees generally aware of cyber risks? Or is awareness inconsistent because it hasn't been a focus yet?

 

SECTION 2: Process — Policies, Planning, and Preparedness

Strong processes keep your team aligned and your data protected. In this section, you'll identify the policies, plans, and preparedness activities you currently have in place.

Question 10 of 28

Our company currently has the following policies, plans, and preparedness activities in place.

(Select all that apply)
A

Written cybersecurity policies that are easy for employees to understand and access.

B

Defined processes for handling sensitive customer or financial information

C

A step-by-step incident response plan

D

Access management procedure where permissions are reviewed regularly (especially when employees change roles or leave the company)

E

Disaster Recovery Plan that includes testing backups periodically to ensure they can be restored when needed.

F

Vendor/Third Party Compliance - Vendors and Third Party Partners are required to follow your security standards.

G

None of the above

Question 11 of 28

All company policies are reviewed during a new hire's onboarding.

A

True

B

False

C

Not sure

Question 12 of 28

All company policies are reviewed and updated at least annually to stay in alignment with industry and technology changes.

A

True

B

False

C

Not sure

Question 13 of 28

Policies only work if people can find and use them.

How do you verify policies are being followed (audits, spot checks, phishing metrics, training completion, access reviews)?

Question 14 of 28

Are there defined consequences for repeated policy violations, and are they applied consistently?

A

Yes, consequences are documented, communicated, and applied consistently across the organization.

B

Mostly. Consequences exist, but application is inconsistent or varies by manager/department.

C

Partially. Consequences are informal or handled case by case with no consistent standard.

D

No. There is no defined consequences for repeated policy violations.

SECTION 3: Technology — Tools and Protections

Technology supports your people and processes — but only when it’s managed proactively. Which of the following are true about how your technology is managed within your organization today?

Question 16 of 28

All software is updated automatically or on a regular schedule.

A

True

B

False

C

Not sure

Question 17 of 28

All devices (including remote laptops) use antivirus and endpoint protection.

A

True

B

False

C

Not sure

Question 18 of 28

Multi-factor authentication is enabled on all critical systems.

A

True

B

False

C

Not sure

Question 19 of 28

Firewalls, routers, and Wi-Fi networks are secured with strong passwords.

A

True

B

False

C

Not sure

Question 20 of 28

Encrypted storage and secure sharing methods are used for sensitive files.

A

True

B

False

C

Not sure

Question 21 of 28

Data is regularly backed up securely (offsite or in the cloud).

A

True

B

False

C

Not sure

Section 4: Tell us just a little bit more

Tell us a little more about your cybersecurity reality.
We’ve covered the basics. Now we’d love to understand a bit more about your current environment and priorities.

Question 23 of 28

List any tools, vendors, or platforms your company currently uses.

Question 24 of 28

What processes have you implemented or what steps have you taken to increase cybersecurity risk awareness within your organization?

Question 25 of 28

What are your top cybersecurity concerns? What keeps you up at night when it comes to cyber risk or potential downtime? 

Question 26 of 28

What are your top self-identified risks currently? Any specific gaps, incidents, or “near misses” you’re aware of?

Question 27 of 28

What else would you like to share with us that might enable us to better assess your cybersecurity risk?

Free Assessment Contact Disclosure

By submitting this assessment, you authorize CyberWise Training Solutions to contact you by email and/or text message at the contact information you provide regarding your assessment request, scheduling, and related follow-up (non-marketing). Message frequency varies. Message and data rates may apply. Reply STOP to opt out of assessment/scheduling texts.

Confirm and Submit