Have you ever experienced a cyber-attack?

In the event of abnormal activities detected in your company’s IT/OT systems, are there predefined emergency action steps in place?

Are you familiar with the regulatory requirements relevant to your company regarding cybersecurity and privacy?

Are you aware of your role's potential criminal, legal, and personal exposure risks resulting from cyber events?

Have you assessed the company's recovery time following a cyber-attack?

Have you assessed costs and short/long-term damages caused by a cyber crisis?

Are all departments within your company aware of the consequences of a cyber event on overall business activities? Do they understand their responsibilities during such a crisis?

Does your company have a retention plan to prevent client abandonment during a cyber crisis?

Are you prepared to manage a reputation crisis resulting from a cyber-attack?

Is there a cross-organizational emergency protocol established for managing a cyber crisis?

Does the company employ a professional negotiator capable of negotiating with cyber attackers?

Are you equipped with various technological tools to assist with post-attack recovery?

On a scale of 1 to 5, how prepared is your organization to handle a cyber crisis?