SMESEC - SMEs' Cybersecurity Watch

The survey intends to identify, in less than 10 minutes, the cyber threats you are exposed to and the status of your organisation concerning cybersecurity. Your contribution will help in bringing together the facts from small and medium-sized enterprises. We will use the information to inform about the state of cyber threats across industries and guide the development of lightweight answers for thorough protection.

We simplified the questionnaire as much as possible. Even if you are not a cybersecurity specialist, you can easily answer them. An optional, more technical part of the survey is also available for the person responsible for cybersecurity in your organisation. Fill it out to get ideas of what cybersecurity is about!

All data will be treated anonymously and analysed in a continuous report available on the project website. www.smesec.eu.

SMESEC is a European research project funded by the European Commission under the Grant Agreement 740787 and the Swiss State Secretariat for Education, Research and Innovation (SERI) under contract number 17.00067. The project aims at supporting SMEs in the area of cybersecurity offering two different tools: on the one hand a cybersecurity framework offering state-of-the-art tools and on the other hand cybersecurity training and awareness courses.

Other Languages

Deutsch: https://goo.gl/forms/FQpeAmCWnTSc5oBm2

Français: https://goo.gl/forms/3qtKb0uQFDaEcpdQ2

Español: https://goo.gl/yemW1D

Nederlandstalig: https://docs.google.com/forms/d/1WifTlliOQtwmmLfHQOrd6wg49nK0OeKSUp3o3nVtpKI/viewform?ts=5b9624d3&edit_requested=true

Ελληνικά: https://docs.google.com/forms/d/e/1FAIpQLSdXPrVMQs1C53avPvQFlGGi1_9Idfw8YVAOV6N6WP2f56JJtw/viewform

About You

What is the job title stated on your business card?

Are you responsible for the cybersecurity of your company?

Yes

Yes, partly

No

Clear selection

Did you receive any training in the field?

Applies to you as a person and not to your company.

Yes

No

Clear selection

Your pseudonymous identifier

Create here a unique anonymous identifier that you remember and reuse in future questionnaires as long as you stay with the same company. E.g. compose the identifier with the month and day of your birthday and the place on earth with your best memories (example: 1105rapperswil). The identifier will allow us to study trends over time.

Your Company's Profile

We anonymise and summarise the responses. No conclusions can be made about an individual company.

Company Size

Choose the smallest size for which all criteria apply.

Micro: <10 employees and turnover ≤ 2 Million €

Small: <50 employees and turnover ≤ 10 Million €

Medium-sized: <250 employees and turnover ≤ 50 Million €

Government or public organization

Other:

Clear selection

Type of Business

Please indicate the business models that contribute with >20% of the turnover of your company. You may select multiple entries. Examples and more information: https://www.smesec.eu/SMESEC_Questions_Answers.html

Financial

Physical, devices

Software, SaaS

Data, digitally encoded knowledge

Humans, experts, person-hours

Developer, inventor

Producer, manufacturer

Reseller, distributor

Service-provider, lessor

Broker

Domain of Business

Please indicate the main business domain of your company.

Cyber Threats

Please judge the following statements.

Your company considers itself to be a target for hackers.

Strongly disagree

1

2

3

4

5

Strongly agree

Clear selection

What cyber attacks or data breaches did your company experience in the past 12 months?

One answer per row.

Frequent

Occasional

Almost never

Never

I do not know

Severe attacks (threat to your operations)

Moderate attacks (requiring dedicated attention)

Mild attacks (without significant impact)

Clear selection

What were the consequences of the attacks on your company?

Multiple answers possible; some are exclusive.

Regulatory or contractual sanctions or fines

Temporary disruption of the company's business

Extra costs for incident recovery and prevention

Closure of the company or business

Reputational damage: loss of customers, sales, profits

I do not know

No consequences

Other:

Your company is worried about cyber threats.

Strongly disagree

1

2

3

4

5

Strongly agree

Clear selection

In comparison to 12 months ago, your company's worries about cyber threats changed as follows.

Much less concerned

1

2

3

4

5

Much more concerned

Clear selection

Your Company's Protection and Practices

Please consider the opinion of your company as of today.

Your company can well mitigate cyber risks, vulnerabilities, and attacks.

Please judge the statement.

Strongly disagree

1

2

3

4

5

Strongly agree

Clear selection

Your company can easily recover from a cyber attack.

Strongly disagree

1

2

3

4

5

Strongly agree

Clear selection

Your company has a systematic approach to ensuring cybersecurity.

Strongly disagree

1

2

3

4

5

Strongly agree

Clear selection

Sources of knowledge about cybersecurity

Please judge the attractiveness of the following sources for your company.

Unattractive (1)

2

3

4

Attractive (5)

Web pages and forums

Newspapers, radio, and television

Own research

Online courses, webinars, and videos

Classroom courses, workshops

External experts

Clear selection

Who does cybersecurity for your company?

Multiple answers possible; some are exclusive.

A dedicated person or team

I do not know

External consultants or service providers

Everybody a bit

Nobody

Other:

What budget is allocated to cybersecurity?

Select the closest fitting number.

No budget

2% of turnover

5% of turnover

10% of turnover

20% of turnover

I do not know and cannot estimate

Clear selection

Improving Cybersecurity

Your company may consider slowing or pausing operations for some days and improve cybersecurity.

Strongly disagree

1

2

3

4

5

Strongly agree

Clear selection

How could your company improve cybersecurity?

Multiple answers possible; some are exclusive.

Improve the cybersecurity tooling

Train employees in cybersecurity awareness and practices

Employ or contract cybersecurity specialists

Acquire a more advanced set of security solutions

I do not know

Exchange lessons-learned with other SMEs

Respond to prioritised threats

Allocate extra budget for cybersecurity

Systematize the search for vulnerabilities

Other:

Are you the cybersecurity responsible in your company and want to help us with answers to technical questions? *

If there is no cybersecurity responsible in your company, you are also kindly invited to do the technical part (please select "Yes" below). "I do not know" will be allowed, and all questions will be optional.

Yes, I would like to offer technical feedback

No, I am unable to or shound not provide technical feedback