12 Cybersecurity Questions for Organizations in 2024
Based on the National Cybersecurity Alliance's Awareness Month 2024 Kick-Off Video.
My mind is deep in cybersecurity survey mode, so after watching the Kick-Off video for Cybersecurity Awareness Month in October from the National Cybersecurity Alliance channel, I felt inclined to create a 12-question survey based on the relevant topics.
Asking the right questions is the first step in finding the right solution.
Here are 12 topics, each with associated open-ended questions you can ask to gauge security culture from a human perspective.
1. Shared Responsibility and Collaboration
Primary Question: To what extent do you believe cybersecurity is a shared responsibility among all employees, not just IT?
Follow-up: What actions do you take personally to contribute to the organization's cybersecurity efforts?
2. Importance of Basic Cyber Hygiene
Primary Question: How often do you update your passwords and software as per company guidelines?
Follow-up: What challenges do you face in keeping up with password or software update requirements?
3. Awareness vs. Action
Primary Question: How likely are you to take action if you suspect a cybersecurity threat (e.g., report phishing, notify IT)?
Follow-up: What barriers, if any, might prevent you from reporting a suspected cybersecurity threat?
4. Cybersecurity Best Practices Adoption
Primary Question: How confident are you in using secure methods like MFA and password managers?
Follow-up: Do you feel these secure methods are easy to use, or do they add complexity to your daily work?
5. Secure by Design and Secure by Default
Primary Question: Are security features integrated into your daily tools and work processes?
Follow-up: Have you ever experienced a situation where these security features hindered your work, and how was it resolved?
6. Training and Awareness
Primary Question: How often do you participate in cybersecurity training? Are these programs relevant and engaging?
Follow-up: What improvements could be made to make cybersecurity training more engaging or relevant to your role?
7. Insider Threats and Human Error
Primary Question: How confident are you in recognizing cybersecurity threats like phishing?
Follow-up: What additional support or training would help you feel more confident in identifying cyber threats?
8. Secure Culture at the Leadership Level
Primary Question: Do you believe senior management prioritizes cybersecurity as part of the company strategy?
Follow-up: Can you recall a specific instance when senior management communicated about cybersecurity effectively?
9. Handling Sensitive Data
Primary Question: Do you understand your role in protecting sensitive data and the impact of a security incident?
Follow-up: What additional resources or support would help you better understand your responsibilities regarding data protection?
10. Incident Response Readiness
Primary Question: Would you know how to report a suspicious email or activity?
Follow-up: Have you received clear guidelines or training on the steps to take when reporting incidents?
11. Comfort with Emerging Technologies (e.g., AI)
Primary Question: Are you confident in understanding the security risks associated with new technologies like AI?
Follow-up: What information or training would help you feel more prepared to handle security risks related to new technologies?
12. Personal Accountability and Empowerment
Primary Question: Do you feel you have the tools and authority to act if you identify a cybersecurity threat?
Follow-up: What additional tools or support would make you feel more empowered to address potential cybersecurity threats?
Watch the full video using this link: