Cyber Risk Calculator

1. Access and User Security

Is MFA required for all users? *

Employees should provide a second form of authentication, like a code sent to their phone, when accessing Cloud services such as Microsoft 365. Without MFA, accounts are at higher risk of being compromised.

Yes No Don’t know

Are employee accounts regularly reviewed to remove unnecessary privileges and leavers? *

Employees should only have the access they need, and accounts for those who have left the company must be removed. Keeping outdated or excessive permissions increases security risks.

Yes No Don’t know

Are there separate Administrator and Standard User accounts? *

Employees with administrative privileges should have a dedicated admin account instead of using their everyday login. Using a separate account for admin tasks reduces the risk of privilege misuse and credential theft.

Yes No Don’t know

Is there monitoring and alerting in place to detect potential threats? *

The organisation should have security measures in place to identify logins from unusual locations or anonymous VPN's and take action, such as alerting admins or disabling the account. Without this attackers could access systems unnoticed and escalate an attack.

Yes No Don’t know

Are emails scanned for malicious links and attachments? *

Emails should be automatically scanned for malicious content like phishing links, malware, or spam without purely relying on the email vendor security (such as 365 only). Without email security measures, employees are more vulnerable to cyber threats.

Yes No Don’t know

2. Device and Network Security

Are firewall rules reviewed and updated regularly? *

The business should ensure firewall security patches are applied promptly. Firewalls help block unauthorised access, and outdated ones can be exploited by attackers.

Yes No Don’t know

Is guest WiFi separate from corporate systems? *

Guests and visitors should be restricted to a different Wi-Fi network from company systems. If guests can connect to internal networks, they could accidentally or intentionally compromise security.

Yes No Don’t know

Are workstations and all third-party applications (such as Chrome and other installed software) patched and updated on a regular schedule? *

Regularly applying updates to both operating systems and third-party software is essential because unpatched systems are common targets for hackers.

Yes No Don’t know

Is there an up-to-date inventory of all IT assets? *

Organisations should keep track of all IT assets, including devices and software. Without an inventory, it's harder to manage updates, security patches, and risks.

Yes No Don’t know

Can you isolate devices to prevent the spread of ransomware? *

If ransomware is detected on one device, it should be quickly cut off from the network to prevent it from spreading. Without isolation measures, ransomware can rapidly infect multiple systems.

Yes No Don’t know

Is antivirus software standardised across all servers and workstations? *

The same antivirus software should be deployed consistently across the business. Using different antivirus solutions can create security gaps and make management more complex.

Yes No Don’t know

3. Data Protection

Are critical systems backed up to an offsite location regularly? *

All critical data, including Cloud services like SharePoint, should be backed up and stored securely to protect it from loss or ransomware attacks. Without backups, data loss could be irreversible.

Yes No Don’t know

Do you regularly test backup restoration? *

Backups should be tested regularly to confirm they can be restored when needed. A backup is useless if it fails when recovery is required.

Yes No Don’t know

Is there a documented disaster recovery plan? *

Organisations should have a disaster recovery plan that enables it to resume operations quickly after an incident. Without one, recovery could take weeks or months.

Yes No Don’t know

4. Governance and Awareness

Do employees receive regular cybersecurity awareness training? *

Employees should be regularly trained to recognise cyber threats like phishing, ransomware, and social engineering. Without training, employees are more likely to fall for scams.

Yes No Don’t know

Are phishing simulation exercises conducted regularly? *

Employees should be periodically tested with fake phishing emails or similar exercises to measure and improve their awareness. Regular testing helps reinforce security training.

Yes No Don’t know

Are regular cybersecurity risk assessments conducted? *

Organisations should regularly evaluate its security risks and implement measures to reduce them. Without assessments, vulnerabilities may go unnoticed.

Yes No Don’t know

Does your organisation have cyber insurance? *

Organisations should have cyber insurance and comply with its security conditions. Failing to meet these conditions could result in a rejected claim.

Yes No Don’t know

Is there a documented cybersecurity policy that employees must acknowledge? *

Employees should formally acknowledge and agree to follow security policies, including password management and personal device usage. Without clear policies, employees may unknowingly create security risks.

Yes No Don’t know

Is there a policy to prevent the use of unapproved devices and software? *

Personal or unmanaged devices should not be used to access company data. Allowing unapproved devices increases security risks, as these devices may lack necessary security controls.

Yes No Don’t know

5. Get Your Results

Enter your details to view your complete cyber risk assessment.

Contact Information

Name

Email

Telephone

Are you an existing customer?

Yes No

Your Cyber Risk Assessment Complete!

Next Steps

Our cybersecurity experts can help you address any vulnerabilities identified in your assessment and strengthen your security posture.

Request discovery call with Cyber expert

Want to Try Again?

You can restart the assessment to test different scenarios or update your answers.

Are you at risk?

Cyber Risk Level

1. Access and User Security

2. Device and Network Security

3. Data Protection

4. Governance and Awareness

5. Get Your Results

Your Cyber Risk Assessment Complete!

Next Steps

Want to Try Again?

Your Name

Your Email

Company Name

Your Phone Number

Your Message

Thank you, your request has been successfully received.
We will get back to you shortly.

Click here to go back

Southern Communications Corporate Solutions Ltd t/a SCG Corporate

Are you at risk?

Cyber Risk Level

1. Access and User Security

2. Device and Network Security

3. Data Protection

4. Governance and Awareness

5. Get Your Results

Your Cyber Risk Assessment Complete!

Next Steps

Want to Try Again?

Request a Call

Your Name

Your Email

Company Name

Your Phone Number

Your Message

Thank you, your request has been successfully received. We will get back to you shortly.

Click here to go back

Southern Communications Corporate Solutions Ltd t/a SCG Corporate

Thank you, your request has been successfully received.
We will get back to you shortly.