fsj2018june_02_img01

Cyberspace for Intelligent Minds

6 questions every executive could ask about cyber organisational resilience

Ready to test your understanding? Let’s begin.

/6

What is the value in US$ of the costliest cyber attack in history on a single business or corporation?

Option D is correct if we are relying on public knowledge -- US$10 billion for one corporation (Maersk) as a result of the Not Petya ransomware attack in 2017. The attack caused considerable additional damage to other corporations, businesses, public services and personal users in many countries.

Greenberg, A. (2018) ‘The Untold Story of NotPetya, the Most Devastating Cyberattack in History’, Wired, 21 August. Available at: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

EM360 Tech (2025) ‘Top 10 Most Expensive Cyber Attacks in History’, EM360, 27 August. (Accessed: 5 October 2025)

A. $500 million

B. $1 billion

C. $35 billion

D. $10 billion

E. $50 billion

/6

There are five general causes of economic loss from cyber attack. Which of these five is the most frequent cause of the highest dollar value losses to a single business or corporation?

This needs more research. Our selected answer, Option C, is our best judgement based on the history of expensive cyber breaches. Cyber ignorance can be understood as the persistent reliance of decision‑makers and practitioners on false, incomplete or outdated beliefs about cyber risks, controls and responsibilities, leading them to underestimate threats and misjudge what needs to be done inside their organisation for effective protection.

A. Insecurity (weakness in technical specifications of cyber defences)

B. Incompetence (people in key positions in cyber defence are poorly trained)

C. Ignorance (people make decisions based on poor knowledge or false information about the threat actors)

D. Intransigence (senior executives stubbornly resist higher expenditures on cyber security)

E. Insensitivity (senior executives make serious missteps in management of key stakeholders after a cyber attack)

/6

Which of these statements best addresses how much we really know about the cyber threat environment?

Each of the statements may be partially true but Option D is the approach that probably is essential. Understanding the implications of cyber threats to take account of gaps in our knowledge almost certainly depends on social science analysis of management outcomes. See "What lurks beneath the tip of the iceberg? Exploring the “missingness” problem in cyber events data". There is little significant data on how the offensive cyber operations of the Five Eyes countries affect cyber security threats.

A. 10% of the reality (tip of the iceberg)

B. 50% of the reality

C. we can't estimate it because of large gaps in data consistency and selection

D. we may not need to estimate it with precision but we can begin to address gaps in knowledge through applied social science techniques specific to our organisational needs

E. we can trust the combined public output of the Five Eyes Intelligence Agencies to tell us most of what we need to know in operational terms. There are few gaps to worry about.

/6

What above all else ultimately determines all security outcomes in cyberspace?

Option D is objectivley true. All others variables are shaped by choices of individual people. This is addressed in the foundation paper of the Social Cyber Institute, "Creating Social Cyber Value" https://docs.wixstatic.com/ugd/15144d_41e7099496864974988f4eb18de83994.pdf

A. The level of national cyber defence spending

B. The sophistication of an organisation’s technical tools

C. The number of cyber incidents reported globally each year

D. Individual people whose behaviour is shaped by their social setting

E. The strength of international cyber collaboration with the Five Eyes

/6

If you had to prioritise four pillars of business activity to be well-integrated to optimise your corporate information security ecosystem, which group below should it be?

To optimise the information ecosystem, organisations must manage cyber security, digital infrastructure, digital transformation and human resources together, rather than treating them as separate, unconnected functions. Digital transformation is crucial because every major change in how an organisation uses digital technology either creates or reduces cyber risk; there is no neutral. How an enterprise oprganises its human resources at all levels for cyber security, including inside the firm and through extenral relationships, is the primary determinant of cyber security outcomes. The other two pillars (cyber security and digital infrastructure) are obvious inlcusions in the four pillars.

A. Cyber security, marketing, legal, finance

B. Cyber security, sales, customer service, product development

C. Digital infrastructure, vendor management, procurement, logistics

D. Human resources, public relations, finance, facilities management

E. Cyber security, digital infrastructure, digital transformation, human resources

/6

What organisational shift is needed in most enterprises to move beyond a narrow, purely technical view of cyber security?

Option E aligns with the findings of the foundation paper of the Social Cyber Institute, "Creating Social Cyber Value". This research paper was produced by its authors at the University of New South Wales Canberra.

A. Centralising all cyber decisions in the IT department

B. Treating cyber security as a separate defensive silo led mainly by technical experts

C. Having a laser-like focus on regulatory requirements

D. Outsourcing most cyber functions to external suppliers to reduce internal complexity and maximise application of diverse security specialisations from the world's best vendors

E. Adopting a socio‑technical cyber ecosystem perspective that integrates technical, social, ethical and economic aspects inside and outside the enterprise

Submit Email

Please fix the errors below and submit again

Email

Cyber policy Novice? You got {number correct}/{number of questions} correct answers 😥

So cyber policy isn't your strong suit yet. No shame in that! We suggest you stick with the possibilities, perhaps try our next quiz or contact us by email for more information on our unique courses.

Worldly Wanderer: You got {number correct}/{number of questions} correct answers 🙂

Not bad! Your cyber policy knowledge is above average and we are officially impressed.

Cyber policy guru: You got {number correct}/{number of questions} correct answers 🥳

You rocked it. Seriously, this quiz was filled with curve balls but nothing got by you. You're a cyber policy whiz with the future of cyberspace in your hands.