In trying economic times, it’s more important than ever to be able to measure and communicate the effectiveness of one’s cybersecurity program. Colin O’Connor, COO of ReliaQuest, offers a new alternative to traditional metrics.
The metrics that security teams traditionally use at the board level often don’t translate into business objectives, creating communication gaps that leave CISOs struggling to explain the value of their security investments. Consequently, security teams either cannot obtain increased budget or, conversely, create a false sense of confidence in security preparedness, all while risk increases. By applying the metrics that matter, CISOs will strengthen their security program and articulate value to leadership.
Odds are high that, in today’s uncertain environment, your board will come to you even more often with questions about risk levels and security investments. According to Gartner, by the end of 2020, 100% of large enterprises will be asked to report to their boards on cybersecurity and technology risk, up from 40% in 2018. The good news is that there are metrics that make sense and matter to both teams, so everyone can speak the same language – no translators needed. These metrics produce insights that boards and security teams can act on together, while taking into account people, processes, and technology.
In the midst of the current economic and operational volatility, security has become even more visible across the enterprise, and boards are asking security leaders more questions about risk than ever before. Security leaders need to demonstrate that their organization is as protected as possible against the new risks that have developed, whether related to a remote workforce or the shift of more business online. How can teams measure and communicate visibility and response capabilities in a language that makes sense to executive and board stakeholders?