Managing cyber risks is important for many reasons: aside from the direct losses incurred through cyber attacks, the Privacy Act 1988 in Australia and the EU General Data Protection Regulation (GDPR) imposes severe penalties on companies that are not compliant.
The only way to understand your cyber risks is measuring and monitoring them over time. Created by a panel of world experts in cybersecurity, the 100 Point Cyber Check TM provides an easy, reliable way to diagnose cyber problems from a legal, regulatory, business operations and technical perspective.
Once you complete the 100 Point Cyber Check TM, we will provide you with a diagnosis and referral to remedy any deficiencies in your cyber security programme through our extensive range of solution partners.
The 100 Point Cyber Check is available for your free internal use under a CC BY-NC-ND license - https://github.com/pwatters/100PointCyberCheck
The 100 Point Cyber Check was developed as part of a research project in cyber risk assessment for small business at Melbourne's La Trobe University. The intellectual property in the 100 Point Cyber Check was then licensed to Cyberstronomy Pty Ltd, a company which provides cyber assurance and third-party R&D services covering the whole spectrum of product and service development in cybersecurity.
In our initial cohort, the average score was 56.9%, and it took on average 26 mins 53 secs to complete the Check. Some specific criteria are summarised below:
Cyber budgets - 21% had a cyber budget < $1,000, 50% between $1,000 and $10,000, with 14% at $1,000,000 and above. That's quite a range!
43% had a CISO (wow!) but 57% had no-one (sad).
The lowest test score was 31% (bad), the highest was 79% (outstanding). The best result was achieved with a budget of $1,000-$10,000; the worst score had a budget of $100-$1,000.
Industry sectors included IT (50%), health care (14%), financials (14%), consumer staples (21%) and industrials (7%).
So - in summary - the average SME so far is scoring just above 50%, which is not a fantastic outcome.