Cyber Compliance Risk Score

If something went wrong tomorrow, could your business prove it took reasonable cyber security steps?

Most businesses assume they are fine.

They find out they are not when a breach happens, a client complains, or an insurer asks for evidence.

This score shows where your business may already be exposed across training, governance, data handling, ownership, and proof.

Where businesses usually get caught out

1. Training exists, but cannot be proven. Staff may have been told what to do, but there is little evidence to show it.
2. Policies exist, but are not being enforced. Documents may exist, but they are not owned, acknowledged, tracked, or reviewed properly.
3. When proof is needed, there is activity but not evidence. That is where businesses suddenly look patchy, reactive, or hard to defend.
Where businesses get caught out

The problem is rarely awareness. The problem is drift.

Most businesses already know cyber compliance matters. What they usually do not have is a clear starting point, a simple way to see what is missing, and a system for turning good intentions into visible evidence.

Staff are expected to know what to do, but training is not tracked. If the business cannot show who completed training and when, it is harder to prove reasonable steps.
Policies exist, but nobody can show they were acknowledged or reviewed. Documents sitting in folders do little if they are not visible, current, and actually used.
Sensitive data is handled in ways that feel normal, but create quiet risk. Shared drives, old client files, broad access, and unclear retention practices often stay invisible until they become expensive.
When proof is needed, the business has activity, but not evidence. That is when the gap between “we do take this seriously” and “we can show it” becomes painfully clear.
How this works

A vague obligation becomes a clearer reality check.

This score is not here to educate you in circles. It is here to show whether your business looks prepared, patchy, or exposed — and what needs attention first.

1. Answer a few blunt questions. No jargon. Just the issues that usually expose businesses when something goes wrong.
2. See where the business may already be exposed. Get a clearer sense of whether it looks prepared, patchy, or hard to defend.
3. See what to fix first. Leave with a priority, not a vague feeling that something should be sorted later.
Get your score

Cyber Compliance Risk Score

Answer based on what you could actually show today, not what you hope is happening in the background.

Question 1

Do you provide cyber security awareness training to staff?

This is about real, intentional training rather than simply assuming people know what to do.

Question 2

Can you show evidence of who completed training and when?

Expectation is not evidence. This is about whether records could actually be produced if asked for.

Question 3

Do you have current cyber, privacy, or data handling policies?

This is about whether your documents are current, relevant, and tied to how the business actually operates.

Question 4

Have staff acknowledged or been taken through those policies?

A policy in a folder does not mean your business can show staff were actually expected to follow it.

Question 5

Do you know what sensitive information your business holds?

This is about whether you have a practical understanding of what information you collect, use, store, and protect.

Question 6

Is access to client or sensitive data limited to people who need it?

This checks whether access is controlled intentionally rather than being broad, inherited, or informal.

Question 7

Do you delete or review old customer files in line with a defined process?

This is about retention discipline, not perfection. Old files quietly create exposure when they are kept forever by default.

Question 8

Could your business respond quickly if a phishing email or breach occurred?

This is about whether a response process exists before pressure hits, not whether your team could improvise in the moment.

Question 9

Is cyber compliance or cyber risk clearly owned by someone internally?

If ownership is vague, responsibility usually becomes reactive rather than disciplined.

Question 10

Could you show a manager, insurer, client, or regulator what steps you have taken?

This is where many businesses discover they have activity but not a convincing evidence trail.

Question 11

Are cyber-related reviews, refreshers, or compliance checks done regularly?

Compliance drifts when nothing is reviewed on a defined cycle.

Question 12

If a staff member made a privacy or cyber mistake today, would your business look prepared or exposed?

This is the blunt commercial question underneath everything else.

Indicative self-assessment only. Not legal advice and not a full compliance audit.
What your score means

What your score is really telling you

This is not about whether the business means well. It is about whether it would look prepared, patchy, or exposed if the wrong question was asked at the wrong time.

0–20 | Stronger position | You appear to have meaningful foundations in place. The next question is whether they stay current, visible, and easy to prove when needed.
21–50 | Action needed | You likely have some foundations, but there are enough gaps to make the business look patchy if something goes wrong or proof is requested.
51–100 | High exposure | Your business may be relying on assumptions more than structure. That usually stays invisible until it becomes expensive, urgent, or difficult to explain.
© 2026 Cleverer. Human-layer cyber compliance for Australian business.