Free SMB Cyber Readiness Assessment

Free 5‑minute security check for small and medium businesses – tailored for Australia and New Zealand

Running a small business doesn’t mean you can ignore cyber security. This quick assessment covers the four areas that matter most for SMBs: identity & access, devices & patching, backup & resilience, and email & people risk. You’ll get a practical risk rating (Critical → Low) and a short list of priorities – no jargon, no obligation.

New Zealand context: References the Privacy Act 2020 and NCSC NZ guidance for small businesses. The Privacy Commissioner expects reasonable security safeguards – this assessment shows you where to focus first.

Australian context: Aligned with the Privacy Act 1988 (Cth), Notifiable Data Breaches (NDB) scheme, and the Essential Eight (light version). Ideal for sole traders, micro‑businesses, and growing SMBs who need a starting point.

This free self‑assessment takes about 5 minutes. Your report includes a risk level, a ranked action plan with effort estimates (Quick Win / Medium / Project), and a private, shareable link.

Ready for a deeper dive? Try our Essential Eight maturity assessment for control‑by‑control analysis, or NIST CSF Lite for a programme‑wide view.

Identity & access
MFA enforcement, separate admin accounts, leaver process.
Devices & patching
Patch SLAs, endpoint protection, device inventory.
Backup & resilience
Automated backups, restore testing, incident response plan.

Email & people risk
DMARC configuration, security awareness training.
Clear risk rating
Critical → High → Moderate → Low. Know your exposure at a glance.
Priority action plan
Ranked list of improvements with effort estimates.

Start here

Take the assessment

SMB Cyber Readiness Assessment

Answer a short set of plain-English questions to identify your strongest security gaps and next actions.

Takes about 5 minutes

Review your answers

Your snapshot is ready

Enter your details to unlock the full report and recommended next steps.

First name *

Last name *

Work email *

Phone

Company *

Industry

How it works

How the SMB Cyber Readiness assessment works

Answer 11 plain‑English questions

Four sections covering the most important SMB controls. Choose Yes / Partially / No based on what’s actually happening today.

We calculate your risk rating

Weighted scoring gives you a risk level – no complicated maths, just a clear “where you stand”.

Get your free report instantly

Enter your email to receive a private report with your risk rating, missing controls, and recommended actions – share it with your team or IT provider.

SMB cyber security for AU & NZ

Frequently asked questions

Is this assessment suitable for my micro‑business (under 5 staff)?

Absolutely. The questions are designed for small businesses with limited IT resources. You don’t need a dedicated security person – answer based on what you know. If you’re unsure about a question, choose “Partially” and your report will explain what to check.

What’s the single most important control for a small business?

Multi‑factor authentication (MFA) on email and cloud access. It blocks the vast majority of credential‑based attacks. Most small businesses can enable MFA in under 30 minutes at no extra cost (Microsoft 365 and Google Workspace include it).

Do I need to worry about the Privacy Act as a very small business?

Yes – if you hold any customer, employee, or supplier personal information, the Privacy Act 1988 (AU) or Privacy Act 2020 (NZ) applies. There is no small business exemption in NZ, and in Australia the exemption is narrow. A data breach can trigger mandatory notification regardless of your size.

I don’t have an IT person – can I still improve?

Yes. Many of the controls in this assessment can be implemented by business owners or with the help of a simple checklist: enable MFA, turn on automatic updates, use a password manager, and set up daily cloud backups. Your report will give you plain‑English steps.

How does this differ from the Essential Eight assessment?

The Essential Eight is a deeper, control‑by‑control assessment (32 questions, takes 7 minutes). This SMB version is a shorter, higher‑level check (11 questions, 5 minutes). Start here if you’re short on time, then take the Essential Eight assessment when you’re ready for a detailed plan.

Will this assessment help me get cyber insurance?

It will give you a good starting point. For a full insurance readiness check, take our dedicated Cyber Insurance Readiness assessment, which covers the specific controls underwriters require (MFA on email, EDR, immutable backups, DMARC, etc.).

Do you offer ongoing security services for SMBs?

Yes. KIS provides Managed Security as a Service starting from $399/month – includes 24/7 monitoring, staff training, incident response, and plain‑English monthly reporting. Contact our team →

How often should I retake this assessment?

Every 6–12 months, or after any major change (new staff, new software, moving to the cloud). Controls drift quickly in small businesses – regular reassessment helps you catch that drift.