Have you and your executives quantified the risk to your business and the potential impact on your business assets if your organization is breached? In addition, have you used this information to better prioritize your budget and resources?
Are you confident that you have developed and implemented the appropriate cyber security infrastructure to protect your organization and maintain the confidence of your clients?
Have you understood your potential risk exposure by engaging cyber security consultants, such as ethical hackers, to hack your organization (networks, applications, mobile)?
Can you demonstrate a solid cyber incident response plan that enables you to respond to a breach? And have you tested it by doing a tabletop exercise?
Have you ever considered a cyber security advisor, such as a Virtual Chief Information Security Officer (VCISO), to help set organizational standards and policies?
Do you have a clear understanding of your supply chain/vendor/third-party management strategy and contracts, beginning with IT-focused contracts?
Have you considered purchasing cyber security-specific insurance to protect against the ramifications of any major breaches? And is the insurance focused on the key business risks that you have identified if breached?
Is your information protected by a business continuity plan that includes the backup and recovery of your data? Additionally, is the data stored offline and offsite, and have you tried restoring it?
Do you have sophisticated cyber security educational training, practices, and procedures for your employees? And are you making this training personalized?
Do you have a patching and shadow IT strategy? (These are two of the biggest challenges that exist in cyber security today, but they are often overlooked.)