Free Security Risk Assessment

Map your security posture.
In under 10 minutes.

Answer a focused set of questions about your environment, regulatory exposure and current security controls. We'll generate a personalized report — risk score, compliance gap analysis, vendor recommendations and a phased roadmap.

~8 minutes

22 questions

5 regulations covered

// Section 1 of 5

Company Profile

// Part 01 / 05

Company Profile

Tell us a bit about your organization so we can calibrate the report.

Q1 Which industry best describes your organization?

Banking / Financial Services Insurance E-commerce / Retail Healthcare Manufacturing / Industrial Public sector / Government Technology / SaaS Other

Q2 How many employees does your organization have?

1 – 50 51 – 250 251 – 1,000 1,000+

Q3 Where do you operate?

Türkiye European Union Middle East / GCC United States Global / Other

Q4 What's your annual cybersecurity budget? (optional)

Under $50K $50K – $250K $250K – $1M $1M+ Prefer not to say

// Part 02 / 05

Current Infrastructure

A snapshot of where your workloads run and what you build on top of.

Q5 Where do your workloads run?

Mostly on-premise Hybrid (on-prem + cloud) Cloud-first / cloud-native Multi-cloud

Q6 Do you use containers / Kubernetes / serverless?

Yes — extensively in production Some workloads / piloting Planning to adopt No

Q7 Do you run SAP, Oracle EBS or other ERP systems?

Yes — business-critical SAP/Oracle Yes — limited use Other ERP (Microsoft Dynamics, NetSuite, etc.) No ERP

Q8 Are AI / LLM applications part of your stack?

Yes — in production (chatbots, agents, RAG) Piloting / building prototypes Planning within next 12 months Not applicable yet

Q9 How much custom software do you develop in-house?

Significant — multiple dev teams Some — limited internal dev Minimal — mostly off-the-shelf None

// Part 03 / 05

Current Security Posture

What's already in place and how mature your operations are today.

Q10 Which security tools do you currently use? (select all)

SIEM (Splunk, Sentinel, etc.) EDR / XDR (CrowdStrike, SentinelOne, etc.) NDR (Network Detection & Response) Cloud security platform (CSPM/CNAPP) AppSec (SAST/SCA/DAST) WAF / API security Vulnerability management IAM / PAM None / minimal

Q11 Have you experienced a security incident in the last 12 months?

Yes — major (ransomware, breach, data leak) Yes — minor (phishing, malware, etc.) No known incidents Don't know / no visibility

Q12 Do you have a Security Operations Center (SOC)?

Yes — in-house SOC Yes — managed (MSSP) Hybrid (in-house + managed) No dedicated SOC

Q13 How often do you run penetration tests / red team exercises?

Continuous / quarterly Annually Rarely / ad-hoc Never

Q14 Vulnerability management maturity?

Automated, continuous, with SLAs Periodic scans, manual remediation Reactive — fix when alerted No formal program

Q15 Do you currently have software supply chain visibility?

SBOM, dependency scanning, third-party binary analysis, etc.

Yes — full visibility Partial — some scanning No coverage

// Part 04 / 05

Regulatory & Compliance

Which standards apply, and where you stand against them today.

Q16 Which regulations apply to your organization? (select all)

KVKK (TR) BDDK (TR Banking) ISO 27001 PCI-DSS GDPR (EU) None / not yet

Q17 Do you hold any current certifications?

ISO 27001 certified ISO 27017 / 27018 SOC 2 Type II PCI-DSS attestation KVKK Veri Sorumluları Sicili (VERBİS) registered No formal certifications

Q18 When was your last external audit / assessment?

Within the last 12 months 1 – 2 years ago More than 2 years ago Never had a formal audit

Q19 What types of sensitive data do you process? (select all)

Personal data (names, IDs, contact) Financial / payment data Health / medical data Intellectual property / trade secrets Critical infrastructure / OT data

// Part 05 / 05

Priorities & Goals

What you're trying to fix, and what success looks like for you.

Q20 What's your top security concern right now? (select up to 3)

Ransomware / extortion Data breach / exfiltration Software supply chain attacks AI / LLM-specific risks Insider threats Cloud misconfigurations Regulatory non-compliance Lack of visibility / detection gaps

Q21 What's your priority horizon for new investment?

Immediate — actively buying now This quarter This fiscal year Researching / evaluating only

Q22 Anything specific you'd like us to focus on? (optional)

Free text — pain points, regulatory deadlines, recent incidents, project plans, etc.

Your report is ready.

Tell us where to send it. You'll see results immediately on this page, and we'll also email a copy you can share with your team.

I agree to be contacted by HubSec regarding my assessment results. View our privacy notice.

Want to discuss these findings?

Our team can walk you through the recommendations, run a deeper technical evaluation, or arrange product demos with the relevant vendors.

Talk to our team

Map your security posture. In under 10 minutes.

Company Profile

Current Infrastructure

Current Security Posture

Regulatory & Compliance

Priorities & Goals

Your report is ready.

Want to discuss these findings?

Map your security posture.
In under 10 minutes.