Menu
Region
Ready to get started? Contact us.

Security maturity assessment

Find the cyber risks that need attention first.

A short self-assessment for organisations that need a practical view of security maturity, operating gaps, and where improvement work should start.

Start the assessment Explore cybersecurity
Score risk, strategy, access, awareness, privileged access, monitoring, resources, and recovery
Visualise turn responses into a maturity chart that makes weak areas visible
Act use the result to frame a practical security improvement conversation
How it helps

A fast way to separate concern from priority.

The questions are not trying to replace a full audit. They create a first-pass view of where controls, operating discipline, or recovery readiness may need deeper attention.

Risk and governance Check whether cyber risk is actively identified, owned, reviewed, and governed.
Access and privilege Surface gaps in access management, authentication, provisioning, and elevated account controls.
Monitoring and recovery Understand whether response, reporting, resources, vulnerability management, and recovery are operationally ready.
Before you begin

Use your real operating state, not the policy version.

  1. 1 Answer each question against how the organisation works today.
  2. 2 Use the low and high anchors to keep scoring consistent.
  3. 3 Review the chart for areas below three and decide where a deeper discussion is useful.

Assessment form

Answer the maturity questions.

Use the scale for each question. Once complete, calculate the score to show the maturity chart and decide where attention is needed.

The questionnaire below gives UNIFY enough context to understand current cyber maturity across risk, strategy, access, awareness, privileged access, monitoring, resources, and recovery.

1: How well does your organization identify and mitigate potential cyber security risks impacting your business and industry in general?
Please select one of the options.
Not very well
Have cyber plans in place
2: Does your organization rely heavily on third parties to support business services?
Please select one of the options.
High dependency on partners
Low dependency on partners
3: How would you rate your organization's existing cybersecurity strategy?
Please select one of the options.
Poorly, we do not have an existing strategy in place
Very well, we review and update our strategy regularly
4: Has your organization created a governance model/process for managing Cyber Security activities and functions?
Please select one of the options.
No
Yes, our governance includes resources committed to meet regularly to review and update policy.
5: How well does your organization manage access to systems and resources?
Please select one of the options.
Not well. All access is managed manually
Very well, we have automated tools provisioning and removing access based on source data
6: How well does your organization perform provisioning to critical systems and assets?
Please select one of the options.
Not well
Very well. Automated tools in place
7: How strong are the authentication standards implemented and enforced by your organization?
Please select one of the options.
Not strong
The company uses MFA and strong password policies
8: To what level does the organization promote cybersecurity awareness for its employees?
Please select one of the options.
It doesn't
Ongoing awareness programs and training is performed
9: How well does your organization protect personal information collected as part of business operations?
Please select one of the options.
Information is collected such as address and phone but not stored in protected areas.
PII is stored, collected, encrypted, and access is managed. The company remains compliant with regulatory requirements such as GDPR.
10: How well developed is the management of access to elevated accounts in your organization?
Please select one of the options.
Privileged access is provided on an ad hoc basis. Little to no reporting is performed to manage this.
All privileged account access is managed with secrets to privileged accounts managed in separate stores.
11: How well defined is your organization's process to enforce stronger authentication for elevated privileges?
Please select one of the options.
Not defined. No separate consideration given for Privileged access authentication
Privileged access is given only with additional authentication methods
12: How comprehensively does your organization perform monitoring and logging of security events?
Please select one of the options.
Monitoring is performed on an ad hoc basis with isolated instances in place
An overall monitoring and notification service is in place to capture real time events
13: How well developed is your organization's response plan in an event of cyber security incident?
Please select one of the options.
Any response to a cyber incident is ad hoc
An overall cyber response plan is in place and training performed to test this at random but regular periods
14: What is the level of reporting on cyber security events?
Please select one of the options.
Reporting is ad hoc and isolated in certain systems
Reporting is managed with ad hoc and scheduled reports provided to subscribers across the organization
15: How well prepared is your organization to manage cyber security incidents / risks?
Please select one of the options.
No previous thought provided on what steps should be taken
Resources and technology is committed to manage cyber risks and security incidents
16: How proactively does your organization seek to identify Security vulnerabilities within its technology environments?
Please select one of the options.
No active process in place to identify vulnerabilities
All applications and resources are tested (Pen testing) with any program of work requiring to complete vulnerability testing and compliance
17: How well prepared is your organization to recover in the event of a major cyber security incident?
Please select one of the options.
Backups are ad hoc with limited confirmation of the succes of the backup taken
Processes and data are in place to support return to operations from DDoS or Ransomware attacks
Answer every required question before calculating the score.

Want to discuss the result?

If you have further questions or would like to discuss how UNIFY could help improve your security maturity, enter your details below and we will be in touch.

Looks good!
Please enter your name.
Looks good!
Please enter your company.
Looks good!
Please enter your e-mail address so we can contact you.
This form uses Google ReCaptcha to ensure interactions with our site are from legitimate users. Please accept the use of recommended storage before submitting the form. Find out more at the Privacy Center.

By clicking the "Send" button, I consent to the collection, use and/or disclosure of my data in this form by UNIFY Solutions to contact me for the purpose of fulfilling my request. I understand and agree that should I wish to stop receiving such materials, I can request to cease communications by replying to the email and requesting to opt-out.

This site is protected by reCAPTCHA.

Your message could not be sent. Try again later.