Tool · Free 60-Second Readiness Quiz
Are you actually ready for a cyber incident?
Six yes/no questions. One minute. You get an honest verdict — Ready, At-Risk, or Exposed — plus a personalized 5-step playbook sized for your situation. No vendor scare-tactics, no NIST alphabet soup.
Question 1 of 6 · Multi-factor authentication
Is MFA turned on for your company email, banking, and accounting accounts?
MFA blocks the single biggest cause of business email compromise — stolen passwords.
What the quiz gives you
Four outputs you can act on this week.
An honest readiness verdict
Ready, At-Risk, or Exposed — based on your answers to six questions every owner already knows. No vendor scare-tactic FUD, no security-theater score with 47 metrics. One number, one verdict, one paragraph of what it means.
A personalized 5-step playbook
The five actions you can run this week — sized for your verdict. Exposed gets the emergency triage. At-Risk gets the gap closers. Ready gets the maturation moves. Each action is one sentence, with a time estimate.
Question-by-question coaching
For each of the six controls, see what you said, what the right answer is, and what to do if you missed it. The wire-transfer question alone has stopped six-figure BEC losses for owners who took it seriously.
A baseline you can re-run
Quarterly check-in. See whether your posture improved or drifted. Most owners discover their MFA coverage drops as they add contractors and SaaS — a quarterly re-run catches the drift before an attacker does.
Who runs this
Owners and the people who keep the lights on for them.
CEO / Founder
You aren't a security person, and the alphabet soup (NIST, CIS, ISO) makes your eyes glaze. This quiz speaks owner-language and gives you a verdict you can take to the next leadership meeting.
COO / President
Operational continuity is your problem. The quiz surfaces the controls that actually drive recovery time: MFA, backup verification, incident plan. Skip these three and your downtime triples.
CFO / Controller
Question 4 is for you. Single-approver wire fraud is the #1 financial loss vector for owner-led businesses. The quiz takes 60 seconds and the dual-approval fix takes 30 minutes.
Office manager / IT lead
You inherited the cybersecurity duties because someone had to own them. The quiz tells you which controls actually matter — so you can stop chasing 12 dashboards and focus on the 6 that determine whether you survive an incident.
FAQ
Questions about the quiz.
How is this different from the Cost of Getting Hit calculator?
Cost of Getting Hit gives you a dollar number — the financial exposure if you got breached. Are You Ready gives you a posture verdict — the qualitative readiness. Most owners run both: the cost calculator tells the board WHY to invest, the readiness quiz tells you WHAT to invest in first.
Why six questions and not 60?
Because owners don't answer 60-question security assessments. These six are the controls that drive 80%+ of real-world incident outcomes — MFA, tested backups, insurance coverage clarity, wire-transfer authorization, auto-updates, and an incident plan. The other 54 questions don't matter if these six aren't solid.
Is this for US businesses only?
Yes. EFROS serves only US clients, so the playbook anchors in US frameworks — CISA guidance, SBA breach economics, state breach notification laws, NYDFS Part 500, HIPAA where relevant. We don't model EU GDPR or UK ICO here.
Is the verdict harsh?
The verdict reflects the reality CISA and SBA data points to — roughly 60% of small businesses close within 6 months of a major breach, and the controls in the quiz separate the 40% that survive from the 60% that don't. We don't soften it because the math doesn't soften.
What happens to my email?
Your name, email, company, and phone are stored in EFROS-controlled D1 storage on Cloudflare. Used to deliver this playbook, follow up if you ask us to, and notify you about future readiness updates. Not shared with third parties. Subject to the EFROS privacy policy. Unsubscribe with one click.
What if I've already been breached?
If you're handling an active incident right now — ransomware demand, suspicious account activity, business email compromise, data theft — don't fill out a quiz. Use our emergency lane at /incident-response-emergency/ for a 60-minute response triage.
Got your verdict. Want to know what it would cost?
The Cost of Getting Hit calculator translates your readiness gap into a defensible dollar range — direct response, downtime, customer churn, regulatory action, and the insurance premium hike.