Cyber Security Our Cyber Security Readiness Survey will.... Your Name Business Name Email Phone Number What is your organization’s industry? BankingCommunicationsEducationGovernment (Local, State, or National/Federal Agencies)HealthcareInformation Technology (Software, Hardware, IT Services)InsuranceManufacturingMedia and EntertainmentProfessional ServicesResource IndustriesRetail/HospitalitySecurities or other Financial ServicesTransportationUtilitiesWholesaleOtherWhat is your organization’s primary location?How many people does your organization employ worldwide, including all branches and subsidiaries? Fewer than 1,000 employees1,000 to 4,999 employees5,000 to 9,999 employees10,000 employees or moreHow would you rate your company’s current level of IT security? Do not know – security has never been an issue and we do not track itNot at all secureRelatively secure comparable to our peersExtremely secureBest-in-classWhich of the following statements characterize your organization’s overall approach to IT security? (please check all that apply): We deal with security issues and threats on an as-needed, ad hoc manner, always responding to and working to keep up with the needs of the moment. We work to understand current security threats and build a security infrastructure to counter them. Maintaining compliance with industry standards (such as NIST, PCI, or HIPAA) ensures we have appropriate levels of security in place. Security is an iterative, never-ending process of understanding and identifying new threats and putting in place appropriate defenses against them. We depend on outside experts such as managed security service providers to help us maintain appropriate levels of security. We rely on our own in-house expertise to help us maintain appropriate levels of security.What percent of your organization’s overall IT budget are you spending on normal operations for security? (Including all hardware, software, and services. Excluding expenses related to breaches and employee salaries) .1% - 5%6% - 10%11% - 20%21% - 25%More than 25%By what percent do you expect it to increase next year? 0% - 15%16% - 25%26% - 35%More than 36%Please indicate which of the following solutions your organization is currently using, deploying or will be deploying during the next 12 months. (Please check all that apply) Network Security Endpoint Security Messaging Security Web Security Identity and Access Controls Mobile Security Distributed denial of service (DDOS) Vulnerability Management Data Security Computer Forensic Tools Compliance Management Software Other (specify) NoneDoes your organization use or plan to implement within the next 12 months any of the following advanced security technologies or services? (Please check all that apply) Advanced Persistent Threats detection and mitigation Software as a Service (SaaS) security for web, email, identity, vulnerability management Cloud Applications Security Brokers (CASB) or cloud security gateways for securely managing other SaaS applications Virtualized Security Security solutions for Internet of things Other (specify) NoneOver the past two years, on average how frequently did your company perform an end-to-end review of its IT Security policies? NeverOnce per year or lessTwo times per yearQuarterlyMonthly or more frequentlyHow many of those reviews led to substantive changes in your company’s IT Security policies? NoneFewer than half but more than zeroHalf or more but not allEach review led to a substantive IT Security policy changesHow frequently does your organization perform independent/third party risk assessments or penetration testing? NeverOnce per year or lessTwo times per yearQuarterlyMonthly or more frequentlyHow frequently does your company perform substantive updates to, or upgrades to its security solutions to take advantage of new technologies and advancements? NeverOnce per year or lessTwo times per yearQuarterlyMonthly or more frequentlyOver the past 3 years, how has the number of security breaches in your organization changed? Increased by more than 10%Increased by less than 10%Stayed the sameDecreased by less than 10%Decreased by 10% or moreWhich of the following best characterizes the level of attention your company’s senior executives (CEO, CFO, COO, CMO, etc. – not IT executives/CIO/CISO) pay to enterprise IT security? Do not pay attention/are very hands-off with no updates and fully delegate to IT for management. Pay a little attention/senior executives require infrequent (quarterly or less frequent) updates and leave most management of security to IT executives. Pay moderate attention/senior executives require monthly status updates and monitor at a high level, but delegate day-to-day management to IT executives. Pay close attention/senior executives require weekly updates and direct monitoring, partnering with IT executives for day-to-day management. Pay very close attention/senior executives require daily status updates and monitor it at a direct, hands on level.