Cybersecurity Awareness Risk Assessment

Answer the questions below to assess your organization’s cybersecurity training maturity.

1. What type of cybersecurity awareness training do you provide?
   - No training at all
   - One-time onboarding only
   - Annual training
   - Quarterly training
   - Ongoing with simulations & updates

2. How is training tailored to different roles?
   - Same content for all roles
   - Some differentiation
   - Fully customized per role

3. How do you measure training effectiveness?
   - No measurement
   - Basic post-training quiz
   - Regular assessments / phishing tests
   - Phishing + knowledge checks + behavior tracking

4. How do you train new hires and ensure refreshers?
   - No formal onboarding or refreshers
   - Irregular / upon request
   - Onboarding only
   - Onboarding + annual refreshers
   - Onboarding + regular refreshers

5. Does your training support compliance (ISO 27001, SOC2, etc)?
   - Not aligned with any frameworks
   - General mention only
   - Aligned with one framework
   - Mapped to multiple frameworks

6. Do you simulate phishing or social engineering attacks?
   - Never
   - Occasionally, not tracked
   - Regular simulations
   - Regular + adaptive

7. Are employees trained on incident reporting procedures?
   - No training
   - Mentioned during onboarding only
   - Annual refresher + written SOP
   - Clear SOP + simulated drills

8. How do you handle emerging threats in training?
   - No updates made
   - Only after incidents
   - Reviewed annually
   - Monitored + updated regularly

9. Do you measure behavior change post-training?
   - No tracking
   - Aggregate data only
   - Individual behavior tracked
   - Department + individual tracked

10. How involved is leadership in cybersecurity awareness?
   - No involvement
   - Same training as staff
   - Executive-specific content
   - Leadership champions awareness