Cyber Risk Clarity Check

Built for leadership, not technical teams

This is meant for owners, executive directors, practice leaders, operations leaders, and decision-makers who need a clear read on business risk, not a flood of technical jargon.

Designed to surface real business pressure

The questions focus on ownership, evidence, insurance readiness, incident readiness, and whether leadership can defend what is actually in place when someone asks hard questions.

No software pitch attached

This is an advisory-led readiness screen. The goal is to help you get your bearings and identify sensible next steps, not funnel you into managed services or another tool purchase.

When this helps

Before cyber insurance renewal, underwriting questions, or carrier pressure
Before a board, donor, lender, client, or leadership discussion
When IT is doing work, but leadership still does not know what can be proven
When policies, procedures, and evidence may not be keeping up with operations
When rapid growth, vendor changes, or business disruption have outpaced structure

What this is not

Not a diagnostic tool or compliance guarantee
Not a replacement for a formal review or advisory engagement
Not a sales trap for software or managed services
Not a substitute for legal, regulatory, or insurance advice

This check is educational and informational. It is designed to help leadership identify likely risk and readiness themes worth discussing further.

Answer 10 quick questions

Choose the answer that best reflects your organization today. If you are unsure, answer honestly. Uncertainty is useful signal.

0% complete

Which best describes your organization?*

We use this only to tailor the result language and follow-up. It does not change your score by itself.

What is driving this review right now?

This helps tailor the business context in the results. It does not change your score by itself.

1. Cybersecurity ownership and governance

Does your organization have a named person who clearly owns cybersecurity decision support, coordination, and accountability?

This is not your IT provider alone. It means someone inside leadership can own decisions, support escalation, and keep accountability from getting fuzzy.

Yes, clearly defined Partially, but ownership is informal or split No or not sure

2. Policies and procedures

Are your core security policies and procedures documented, current, and usable by the people who need them?

Yes, documented and maintained Some exist, but they are incomplete or outdated No or not sure

3. Multi-factor authentication

Is multi-factor authentication required for business email, remote access, and key business systems?

Yes, broadly enforced In some places, but not consistently No or not sure

4. Backups and recovery confidence

Do you know critical systems and data are backed up, protected, and recoverable within a reasonable timeframe?

The real issue is not just whether backups exist. It is whether recovery is realistic when operations, payroll, or patient care are disrupted.

Yes, and recovery has been validated Backups exist, but recovery confidence is limited No or not sure

5. Incident response readiness

If payroll, email, or operations were disrupted tomorrow, would leadership know who decides what, who to call, and what to do first?

Yes, roles and actions are clear Some of it is known, but not formalized No or not sure

6. Vendor and third-party risk

Do you have a practical way to evaluate vendors or service providers that handle sensitive systems, data, or critical operations?

Yes, there is a defined process Informally, case by case No or not sure

7. Security awareness and basic practices

Do employees receive practical guidance on phishing, password hygiene, and suspicious activity reporting?

Yes, with regular reinforcement Some guidance exists, but it is inconsistent No or not sure

8. Evidence and documentation

If an insurer, auditor, donor, customer, or regulator asked for proof of controls, could your organization produce it without scrambling?

Evidence can include policies, screenshots, logs, tickets, training records, reports, or other support you could actually produce when asked.

Yes, evidence is organized and accessible Some evidence exists, but gathering it would be painful No or not sure

9. Leadership visibility

Does leadership get a clear, plain-language view of cyber risk and priority decisions rather than mostly technical updates?

Yes, regularly Sometimes, but not consistently No or not sure

10. Insurance and compliance pressure

Could your organization confidently answer a typical cyber insurance, compliance, or customer security questionnaire today?

Yes, with confidence Partially, but gaps would show quickly No or not sure

What happens next

Your result is meant to help you get your bearings. If the output shows gaps in ownership, documentation, evidence, or decision readiness, the right next step is usually not to buy another tool. It is to clarify accountability, confirm what is actually in place, and build a defensible roadmap leadership can stand behind.

Schedule an advisory conversation Explore Cybersecurity Risk Assessments

Built for leadership, not technical teams

Designed to surface real business pressure

No software pitch attached

When this helps

What this is not

Answer 10 quick questions

Your result

What this likely means

Where pressure is likely to show up first

Leadership visibility gaps

Control gaps

Start with these conversation topics

Priority concerns that should not wait

What leadership should do in the next 30 days

Recommended next step

Email yourself the executive summary

What happens next