1. Do you know who is responsible for cybersecurity in your organization?^*

2. How confident are you that your organization takes cybersecurity seriously?^*

3. Have you received cybersecurity training in the past 12 months?^*

4. How often do you receive tips or updates about cyber risks (e.g., phishing alerts, scam updates)?^*

5. Have you ever reported a suspicious email or security incident?^*

6. To whom would you report a cybersecurity concern?^*

7. How often do you change your passwords for work systems?^*

8. Rate the following statement: "Cybersecurity is everyone’s responsibility."^*

9. Do you use the same password for multiple systems (work, email, banking, etc.)?^*

10. Has your organization tested your cybersecurity readiness through a drill or simulation in the last 6 months (e.g., phishing test)?^*

11. Does your organization have an active antivirus or endpoint protection solution installed on all devices?^*

12. Are employees required to use strong passwords or multi-factor authentication (MFA)?^*

13. Can staff access company systems remotely? If yes, how is it secured?^*

14. Is there a policy restricting the use of USB drives or external storage on office devices?^*

15. Do you use secure cloud platforms for sharing documents (e.g., Google Workspace, Microsoft 365)?^*

16. Rate the security of your organization’s Wi-Fi and network systems.^*

17. When staff leave the organization, are their email accounts, devices, and system access promptly deactivated?^*

18. Does your organization conduct regular IT security audits or vulnerability assessments?^*

19. Have any of your organization's systems been hacked, breached, or infected in the last 12 months?^*

20. Does your organization have a documented cybersecurity policy?^*

21. If a system goes down due to ransomware or cyberattack, does your organization have a recovery plan?^*

22. Is there a clear reporting channel and protocol in the event of a suspected data breach?^*

23. Has your organization tested its backup and recovery process in the last 6 months?^*

24. Are backups stored securely and offsite (or in the cloud)?^*

25. Do you know the difference between a security incident and a data breach?^*

26. What is your organization’s biggest cybersecurity risk in your opinion?^*

27. How prepared do you believe your team is to handle a cybersecurity emergency?^*

28. Do you think your organization would report a breach to affected stakeholders or regulators if one occurred?^*

29. Which regulator or authority oversees data protection in Uganda?^*

30. Does your organization have a designated Data Protection Officer (DPO)?^*

31. Do you use your work laptop for personal activities (social media, banking, Netflix, etc.)?^*

32. How often do you click on links or download attachments from unknown senders?^*

33. How confident are you in identifying a phishing email?^*