
Cyber-Risk Exposure Calculator

In recent years, cyber-attacks have emerged as one of the most significant threats facing organisations of all sizes. The internet and other network operations have created risks that were unheard of less than a decade ago. When cyber-attacks (such as data breaches and hacks) occur, they can result in devastating damage, such as business disruptions, revenue loss, legal fees, forensic analysis, and customer or employee notifications.

It is important to remember that no organisation is immune to the impact of cyber-crime.
As a result, cyber-liability insurance has become an essential component of any risk management programme.

Instructions – Begin by answering the questions below. Each response will be given a numerical value depending on the answer:

YES – 5 Points

UNSURE – 5 Points

NO – 0 Points

After completing all the questions, total your score to determine your organisation’s level of cyber-risk using the scale below:

1. Does your organisation have a wireless network, or do employees or customers access your internal systems from remote locations?
2. Does anyone in your organisation take company-owned mobile devices (eg laptops, smartphones and USB drives) with them, either home or when travelling?
3. Does your organisation use cloud-based software or storage?
4. Does your organisation have a ‘bring your own device’ (BYOD) policy that allows employees to use personal devices for business use or on a company network?
5. Are any employees allowed access to administrative privileges on your network or computers?
6. Does your organisation have critical operational systems connected to a public network?
7. Does anyone in your organisation use computers to access bank accounts or initiate money transfers?
8. Does your organisation store sensitive information (eg financial reports, trade secrets, intellectual property and product designs) that could potentially compromise your organisation if stolen?
9. Does your organisation digitally store the personally identifiable information (PII) of employees or customers? This can include government-issued ID numbers and financial information.
10. Is your organisation part of a supply chain, or do you have supply chain partners?
11. Does your organisation conduct business in foreign countries, either physically or online?
12. Has your organisation ever failed to enforce policies around the acceptable use of computers, email, the internet, etc?
13. Can the general public access your organisation’s building without the use of an ID card?
14. Is network security training for employees optional at your organisation?
15. Can employees use their computers or company-issued devices indefinitely without updating passwords?
16. Has your IT department ever failed to install anti-virus software or perform regular vulnerability checks?
17. Can employees dispose of sensitive information in unsecured bins?
18. Would your organisation lose critical information in the event of a system failure or other network disaster?
19. Can employees easily see what colleagues are doing on their computers?
20. Has your organisation neglected to review its data security or cyber-security policies and procedures within the last year?


HIGH RISK – 30-50


LOW RISK – 0-10
