📄 Sample Report — Demo Only

Executive Security Report

Acme Retail Pty Ltd  ·  Retail & E-Commerce
25–50 employees  ·  Sydney, NSW
Prepared: 7 April 2026  ·  Confidential
● Board & Management Only
Executive Summary
Overall score: 42/100 (Needs Improvement)
Acme Retail Pty Ltd has significant cybersecurity gaps that expose the business to financial loss, regulatory penalties, and reputational damage. Multi-factor authentication is not enforced across critical systems, staff have not received recent security training, and no formal incident response plan exists. Immediate action on the critical risks below is strongly recommended before your cyber insurance renewal in Q3.
Critical risks: 2
High risks: 2
Maximum exposure: $340k AUD
Compliance score: 38%
Board Talking Points
Key Messages for the Board
Current security posture scores 42/100 — below the SME average of 54
Maximum financial exposure from identified risks: $340,000 AUD
Two critical risks require board-level attention and immediate action
Cyber insurance renewal should be reviewed against this risk profile
Recommended 90-day remediation investment: $8,000–$15,000 (vs $340k exposure)
Risk Register
CRITICAL: No Multi-Factor Authentication on Email & Cloud Systems (estimated exposure $50,000–$120,000)
Finding
Business email compromise is the #1 cause of financial loss for SMEs in Australia. Without MFA, a single stolen password gives attackers full access to email, files, and banking portals.
Recommendation  ·  Low effort  ·  Immediate (within 7 days)
Enable MFA on Microsoft 365 / Google Workspace within 7 days. Use Microsoft Authenticator or Google Authenticator. This is free and takes under 2 hours.
CRITICAL: Customer Payment Data Stored Without Encryption (estimated exposure $80,000–$200,000)
Finding
Customer payment records stored in unencrypted spreadsheets or databases violate PCI-DSS requirements. A single breach triggers mandatory notification, fines, and potential class action.
Recommendation  ·  Medium effort  ·  Within 30 days
Migrate payment data to a PCI-DSS compliant processor (Stripe or Square). Delete any locally stored card data immediately.
HIGH: Staff Have Not Received Security Awareness Training (estimated exposure $30,000–$80,000)
Finding
92% of breaches start with a phishing email. Without regular training, staff cannot identify suspicious emails, fake invoices, or social engineering attempts.
Recommendation  ·  Low effort  ·  Within 30 days
Enrol all staff in a 1-hour online security awareness course (KnowBe4 or Proofpoint offer SME packages from $8/user/year).
HIGH: No Formal Incident Response Plan (estimated exposure $20,000–$60,000)
Finding
Without a documented plan, businesses take 3–5x longer to recover from incidents, incurring greater financial damage and reputational harm.
Recommendation  ·  Low effort  ·  Within 14 days
Risqure can generate a basic Incident Response Plan from your assessment data. Review and customise it with your team.
MEDIUM: Software & Operating Systems Not Patched Regularly (estimated exposure $10,000–$40,000)
Finding
Unpatched systems are a common entry point for ransomware. Regular patching closes known vulnerabilities before attackers can exploit them.
Recommendation  ·  Low effort  ·  Within 30 days
Enable automatic updates on all Windows/macOS devices. Schedule a monthly patch review for servers and line-of-business applications.
Compliance Gap Analysis
Australian Essential Eight
Application Whitelisting: ✗ Fail
Patch Applications: ~ Partial
Configure Office Macros: ✗ Fail
User Application Hardening: ~ Partial
Restrict Admin Privileges: ✗ Fail
Patch Operating Systems: ~ Partial
Multi-Factor Authentication: ✗ Fail
Daily Backups: ✓ Pass
Privacy Act 1988 (Australia)
Privacy Policy Published: ✓ Pass
Data Breach Response Plan: ✗ Fail
Consent for Data Collection: ~ Partial
Data Minimisation Practices: ✗ Fail
Key Gaps Identified
Multi-factor authentication not enforced on any system
No documented data breach response procedure
Office macros not restricted — high ransomware risk
Admin privileges not restricted to necessary users only
No formal data retention and disposal policy
90-Day Remediation Roadmap
Month 1 — Immediate Wins
Enable MFA on all cloud accounts (Microsoft 365 / Google)
Disable Office macros or restrict to signed macros only
Enrol all staff in phishing awareness training
Document and test your data backup restore process
Month 2 — Close Critical Gaps
Remove payment data from local storage — migrate to Stripe
Create a simple Incident Response Plan (use Risqure template)
Review and restrict admin account privileges
Enable automatic OS and application patching
Month 3 — Build Foundations
Implement a formal acceptable use policy
Schedule quarterly security reviews
Review cyber insurance coverage against actual risk profile
Begin ISO 27001 or Essential Eight Maturity Level 1 gap assessment
Quick Wins — Do This Week
Immediate Actions (Free or Low Cost)
Enable MFA — free, takes 2 hours, eliminates 99% of account takeover risk
Run a free phishing simulation (Google has a free tool)
Check Have I Been Pwned for all staff email addresses
Enable full-disk encryption on all laptops (BitLocker/FileVault — free)
Review who has admin access — remove anyone who doesn't need it