Risk & Business Magazine Spectrum Insurance Winter 2022 | Page 26

CYBER RISK SCORECARD

Cyber Risk Exposure Scorecard

Is Your Organization At Risk?

In recent years, cyber attacks have emerged as one of the most significant threats facing organizations of all sizes. The internet and other network operations have created risks that were unheard of less than a decade ago. When cyber attacks (such as data breaches and hacks) occur, they can result in devastating damage, such as business disruptions, revenue loss, legal fees, forensic analysis, and customer or employee notifications. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component of any risk management program.

INSTRUCTIONS

Begin by answering the questions below. Each response will be given a numerical value depending on the answer:

YES: 5 POINTS • NO: 5 POINTS • UNSURE: 0 POINTS

After completing all of the questions, total your score to determine your organization’s level of cyber risk using the scale below.

EXPOSURE (mark YES, NO or UNSURE for each question and record the SCORE)

1. Does your organization have a wireless network, or do employees or customers access your internal system from remote locations?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
2. Does anyone in your organization take company-owned mobile devices (e.g. laptops, smartphones and USB drives) with them, either home or when travelling?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
3. Does your organization use cloud-based software or storage?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
4. Does your organization have a “bring your own device” (BYOD) policy that allows employees to use personal devices for business use or on a company network?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
5. Are any employees allowed access to administrative privileges on your network or computer?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
6. Does your organization have critical operational systems connected to a public network?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
7. Does anyone in your organization use computers to access bank accounts or initiate money transfers?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
8. Does your organization store sensitive information (e.g. financial reports, trade secrets, intellectual property, and product designs) that could potentially compromise your organization if stolen?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
9. Does your organization digitally store the personally identifiable information (PII) of employees or customers? This can include government-issued ID numbers and financial information.
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
10. Is your organization part of a supply chain, or do you have supply chain partners?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
11. Does your organization conduct business in foreign countries, either physically or online?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
12. Has your organization ever failed to enforce policies around the acceptable use of computers, email, the internet, etc.?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
13. Can the general public access your organization’s building without the use of an ID card?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
14. Is network security training for employees optional at your organization?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
15. Can employees use their computers or company-issued devices indefinitely without updating passwords?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
16. Has your IT department ever failed to install antivirus software or perform regular vulnerability checks?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
17. Can employees dispose of sensitive information in unsecured bins?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
18. Would your organization lose critical information in the event of a system failure or other network disasters?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
19. Can employees easily see what co-workers are doing on their computers?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___
20. Has your organization neglected to review its data security or cyber security policies and procedures within the last year?
   ☐ YES  ☐ NO  ☐ UNSURE  SCORE: ___

TOTAL SCORE: ___

LOW RISK: 0-10 POINTS
MODERATE RISK: 15-25 POINTS
HIGH RISK: 30-50 POINTS
ESCALATED RISK: 55-100 POINTS