1. Among my organization’s risk management priorities, cyber risk is:* A top five risk The #1 risk A risk, but not in the top five Low priority Don’t Know 2. Regarding cyber risk, for each of the following, please indicate your confidence in your organization’s ability to:* Highly Confident Fairly Confident Not at All Confident Don’t know Identify and assess cyber risk Mitigate and Prevent Respond and Recover 3. Which cyber loss scenarios (max 3) present the greatest potential impact to your organization? Business Interruption Reputational damage Breach of customer information Data or software damage Extortion / ransomware Liability to third parties resulting from a system breach Disruption/interruption of industrial systems or other operational technology Loss/theft of intellectual property Contingent business interruption (supply chain) Physical property damage and/or bodily injury 4. Which functional areas are the primary owners and decision-makers for cyber risk management in your organization?* Primary Owner (select only one) Decision Maker Not Involved External Consultants / Vendors Operations Finance Legal / Compliance / Audit Board of Directors CEO / President Risk Management Information Technology 5. How does your organization measure or express cyber risk?* We have no method to measure or express cyber risk Economic quantification, based on estimated financial losses within a timeframe, such as value-at-risk modeling Numerical scores or rankings within a fixed framework Using categories such as “high/medium/low” or capability models such as “maturity levels” to benchmark against other organizations Descriptively, without using categories, numbers, or rankings Implementation tiers within the NIST cybersecurity framework Don’t know First Name* Last Name* Organization* Role / Title* Please Select CEO / President CFO CIO / CISO Other C-Suite Board Member VP / Director Other Corporate eMail Address* Phone Number* Name This field is for validation purposes and should be left unchanged. Pages: Page 1 Page 2
