Cybersecurity Survey Questionnaire 2020
Has your organisation lost money to cybercrime incident in the last 12 months?
How much was lost per incident?
10 million or less
50 million or less
100 million or less
More than 100 million
What were the steps that your organization took in response to the cyber attack incident?
Did nothing, kept silent and accepted the loss
Reported the data breach to the law authorities, including Police
Performed a Business Impact Analysis and assessed the level at which the attack affected the business
Commissioned cyber incident response procedures to limit the damage.
Is your IT security team specifically for threat intelligence and analysis in-house or outsourced?
Which of the following are the common threats and attack vectors to your cybersecurity setup (tick all that apply)?
Weak and or compromised credentials
Malicious insiders and or former employees and service providers
Missing or poor encryption
Social engineering including phishing
Technical vulnerabilities including zero-day exploits, trojans, cross-site scripting, session high jacking and man-in-the-middle
Tick all that apply
How frequently do you test (both internally and externally) the operating effectiveness of the controls implemented in key applications and databases?
Once in two years
How do you assess the data integrity, completeness, and accuracy of your business transactions and records for revenue assurance?
Through applications system reviews (both core and other systems) by the IT and or internal audit team on-going
Through penetration testing and security assessments of all systems by independent security assessors once a year
No assessment of data integrity, completeness and accuracy of business transactions and records for revenue assurance is done
Through daily/weekly transaction reconciliations by the Finance and IT team, which are also reviewed by the Internal Audit team.
Does your organization have cybersecurity insurance?
Yes, we have a cybersecurity insurance policy that has been adequately reviewed for adequacy
No. There is not a cybersecurity insurance policy that I know of
What would you say are the top two risks related to cybersecurity that your organization faces?
The proliferation of BYOD and smart devices
Cloud computing and attendant risks
Outsourcing of critical business processes to a third party (and lack of controls around third-party services)
Lack of IT Disaster Recovery and Business Continuity Plans.
Advanced persistent threats
To receive the results in your inbox, provide your details below. The information you provide is private and confidential).
Organisation and Position