Cybersecurity self-assessment

CYBER SECURITY SELF-ASSESSMENT

How safe/secure is your organisation?

Is your organisation sufficiently protected against cyber attacks? What are the most important cyber risks of your organisation? And will your organisation be able to adequately respond in case of a cyber incident?

It takes about 10 minutes on average to respond to the 25 questions of this self-assessment and to determine the cyber security maturity level of your organisation. The result will immediately be sent to you by e-mail.

Take the test

Disclaimer

The assessment data will of course be treated confidentially. If you wish, we can have a discussion on the results of the assessment afterwards.

If you explicitly agree, these data will also be used anonymously for our cyber security survey, which will allow you to compare your organisation with similar organisations. In this case, you will receive the report within a couple of months by e-mail.

If you have any questions on this cyber security assessment, feel free to contact us via ras@bdo.be.

Please consult our BDO privacy policy.

10% 10%

Hi there stranger! My name is Nick. What's your name?Nick

20% 20%

Nice to meet you, ! Before we can start with the assessment, I need to know a bit more about your organisation.Nick

What is the name of your organisation? *

What is your role within the organisation? *

How many employees work at your organisation? *

1 to 49

50 to 199

200 to 499

500 to 1999

2000 to 4999

5000 or more

Which category best defines your organisation’s primary industry? *

Construction

Education and training

Electricity, gas, water and waste services

Financial and insurance services

Health care and social assistance

Information media and telecommunications

Manufacturing

Professional, scientific and technical services

Public, non-profit

Rental, hiring and real estate services

Retail

Transport, postal and warehousing

Other

40% 40%

Thank you, ! I got all the basic info I need, let's start with the assessment.Nick

Do you have a user administration process for new employees and leaving employees? *

Yes, but not documented

A formally documented process

Are user privileges reviewed? *

Reviews are performed on an ad-hoc basis

Only administrator accounts are reviewed

All user privileges are monitored on a periodic basis

Are complex passwords enforced within the organisation? *

Less than 8 characters and no other requirements

8 characters or more, special characters, upper and lower case, numbers and required change on a periodic basis

Multi-factor authentication

Do employees, individuals or third parties have remote access to your network? *

Continuously without monitoring or tools

Remote access tools to access the corporate network from outside

Facilitated via VPN

Do you perform security awareness training? *

Only for new employees

For all employees on a periodic basis

Mandatory for all employees and management, periodically, with assessment of understanding

Are laptops of employees encrypted? *

Unencrypted

File encryption

Hard Drive encryption

Full encryption and no data stored locally

Are backups stored remotely, and if so are they properly protected? *

Not stored remotely

Yes, but physically unsecured

Yes, but unencrypted

Yes, encrypted

Are patches installed on a timely basis? *

Not monitored

Patches are installed on an ad-hoc basis

A formal patch management process is in place and covers servers, clients and security devices

Do you have a wireless Corporate network? *

Published SSID with weak password

Published SSID with complex password

Hidden SSID, complex password (+ additional measures)

Do you have a wireless Guest network? *

Yes

Yes, fully isolated with no access to internal network

No, guests connect to our corporate network

Do you have security & privacy policies? *

On-the-shelf

Approved by board, trained, signed by employees, enforced, …

Do you have a security function within your organisation? *

Security functions within the technical/IT team

Dedicated security team

Do you have an incident response and recovery plan? *

Our response team operates between business hours

Our response team is 24/7 on stand-by with an immediate response when required

Do you have an anti-virus? *

Installed on employee computers

Installed on all computers and servers

Advanced End-Point Protection

Do you protect your environment with a firewall? *

Residential grade firewall

Each network entry/exit point has a commercial grade firewall that is vendor supported

Each network entry/exit point has a commercial grade firewall that is vendor supported and configurations are reviewed on a periodic basis

Do you perform internal vulnerability scans? *

Ad-hoc

Internal vulnerability scans are running across all systems at least once a year

Yearly penetration testing is performed

70% 70%

Well done, ! I'm calculating your cyber security maturity score. I would like to finish the assessment with some general questions on cyber security.Nick

Was your organisation in the past year a victim of a cyber attack? *

Yes

I don’t know

I’d rather not disclose this information

What kind of attack was performed?

Social Engineering (phishing, invoice fraud, CEO fraud, …)

(Distributed) Denial of Service attack

Exploitation of vulnerabilities

Malware

Ransomware

Human error

Data breach

Brute force attack

Physical security breach

Theft of laptops or mobile devices

Other

What was the cost related to the cyber incident? (including spend on assistance from third party providers/services)?

Do not know / would rather not say

Less than €19,999

€20,000 to €99,999

€100,000 to €499,999

€500,000 to €999,999

€1 million to €5 million

More than €5 million

Compared to this time last year, are you more or less confident in your organisation's ability to respond to a cyber security incident and recover from any associated negative impacts?

More confident

Less confident

No difference in confidence level

Do not know / would rather not say

Does your organisation have cyber insurance?

No ‐ we were not aware of this type of insurance

No ‐ we don’t feel we need it

No ‐ we believe this risk is covered under other insurance policies we have

No ‐ we self‐insure

Not yet ‐ we are considering it

Yes ‐ we have a standalone cyber policy

Yes ‐ we have this covered as an extension to another insurance policy

Yes ‐ but do not know how the policy was arranged

Do not know / would rather not say

Is there anything else you wish to share or ask me?

100% 100%

You've reached the final step of the assessment. I will send you the results. What e-mail address can I use?Nick

Would you like to share your telephone number in case we would like to contact you about the assessment?

Can we include the results of this assessment in our overall cyber security study? Your data will be treated anonymously.

Yes, I want to contribute to this study.

Can we contact you to discuss the results of the self-assessment?

Yes, you can contact me to discuss my results.

Can I add you to the BDO Belgium mailing list, ? You're able to change this preference at any time.

Yes, keep me informed about BDO events & services. I accept the BDO Privacy Statement.