By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
AmextaFinanceAmextaFinance
  • Home
  • News
  • Banking
  • Credit Cards
  • Loans
  • Mortgage
  • Investing
  • Markets
    • Stocks
    • Commodities
    • Crypto
    • Forex
  • Videos
  • More
    • Finance
    • Dept Management
    • Small Business
Notification Show More
Aa
AmextaFinanceAmextaFinance
Aa
  • Banking
  • Credit Cards
  • Loans
  • Dept Management
  • Mortgage
  • Markets
  • Investing
  • Small Business
  • Videos
  • Home
  • News
  • Banking
  • Credit Cards
  • Loans
  • Mortgage
  • Investing
  • Markets
    • Stocks
    • Commodities
    • Crypto
    • Forex
  • Videos
  • More
    • Finance
    • Dept Management
    • Small Business
Follow US
AmextaFinance > Small Business > A Reality Check Around Cybersecurity Benchmarking
Small Business

A Reality Check Around Cybersecurity Benchmarking

News Room
Last updated: 2023/08/11 at 11:09 PM
By News Room
Share
5 Min Read
SHARE

Founder & CEO, Corix Partners | Author “The Cybersecurity Leadership Handbook for the CISO and the CEO” | Board Advisor | Non-Exec Director

Contents
Consider the context.Companies typically don’t have enough data for an accurate comparison.CISOs should focus instead on the underlying motivation of the senior executives behind the question.

For as long as I have been involved in cybersecurity, I have heard top executives asking for benchmarking data around their cybersecurity practice. It might have been in terms of maturity, security spending or frequency of breaches, but “how are the others doing” has always been a fairly common question.

I think this goes way beyond “herd mentality,” and context is key to positioning the right answer. So before going any further, CISOs facing this type of situation must ask themselves where the concern is coming from.

Consider the context.

If the question is coming up in a context of budgetary or strategic orientation discussions, it often reflects a need for reassurance, if not plain discomfort, with regard to what is being proposed.

Top executives should know that each organization is different, even across the same industry (many would have built their careers moving from one firm to another across that spectrum).

They should also understand that differences in cyber maturity and risk appetite can drive different approaches and that organizations don’t easily share sufficient quantitative data at that level to allow meaningful comparisons: They—themselves—may not be comfortable seeing disclosed to competitors how much they are budgeting for cybersecurity for example.

Companies typically don’t have enough data for an accurate comparison.

The objective could be to drive the CISO’s ambitions up or down, but in most cases, the benchmarking question is politically loaded, and it has never been a simple one to answer quantitatively with any degree of accuracy.

I’ve noticed most CISOs have historically tried to address it in a qualitative manner based on anecdotal evidence gathered at conferences or through industry forums, but window-dressing a few anecdotal data points to make them look bigger than they are can be a dangerous and misleading game.

Only a small number of very large management consulting firms might have the necessary elements of data—or the reach to collect it. But even that reach is likely to be limited to the large firms able to afford their services, and they will have to anonymize or aggregate the findings to respect the confidentiality of their clients.

CISOs might be better off in many cases by sidestepping the question. For most firms, there is simply no defendable, sufficiently accurate, quantitative answer to the cybersecurity benchmarking question.

CISOs should focus instead on the underlying motivation of the senior executives behind the question.

Trust between executives is of paramount importance to any transformative initiative around cybersecurity, and the benchmarking question could be a symptom of trust erosion. That’s a far more serious matter to address than the collection of illusory comparative data.

Trust—at this level—will have its foundations in mutual respect, and that has to start for the CISO by listening to the real priorities and constraints of the leadership team and understanding the implications these may have on cybersecurity orientations, for good or for bad.

They will have to elevate their game to look convincingly beyond the tech horizon and showcase their understanding of the key governance and management matters at the heart of the cross-functional nature of cybersecurity in large firms.

As the “when-not-if” paradigm around cyberattacks becomes prevalent across the boardroom, CISOs must also focus their attention on demonstrating their long-term ability to execute transformative measures and stop relying only on their short-term firefighting skills to build up their case.

It is likely that benchmarking will cease to be a concern for senior executives if they have the sense cybersecurity is in firm hands and driven in a direction that matches their expectations and the needs of the firm.

Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?

Read the full article here

News Room August 11, 2023 August 11, 2023
Share this Article
Facebook Twitter Copy Link Print
Leave a comment Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Finance Weekly Newsletter

Join now for the latest news, tips, and analysis about personal finance, credit cards, dept management, and many more from our experts.
Join Now
Retail investors reap big gains from ‘buying the dip’ in US stocks

Stay informed with free updatesSimply sign up to the US equities myFT…

Israel to join ceasefire talks despite ‘unacceptable’ response from Hamas

Unlock the Editor’s Digest for freeRoula Khalaf, Editor of the FT, selects…

Tesla and China: EV maker is facing competition like never before, analyst says

Watch full video on YouTube

How Tariffs Will Make Everything More Expensive In The U.S. | CNBC Marathon

Watch full video on YouTube

Texas flash flood claims at least 24 lives

Unlock the Editor’s Digest for freeRoula Khalaf, Editor of the FT, selects…

- Advertisement -
Ad imageAd image

You Might Also Like

Small Business

Why Do We Stay In A Job When We Are Not Happy? Insights To Help You Get The Career You Deserve

By News Room
Small Business

Making A Large Language Model Transparent, Compliant And Reliable

By News Room
Small Business

The Important Initiative For Real Digital Marketing Results

By News Room
Small Business

The Future Of Real Estate

By News Room
Small Business

How AI Is Transforming Healthcare Risk Adjustment

By News Room
Small Business

How Do Hard Knocks Help? 5 Life-Changing Lessons Taught By Adversity

By News Room
Small Business

Lessons Learned From The World’s Most Successful Startups

By News Room
Small Business

Small Business Saturday Encourages Consumers To Shop Small And Local

By News Room
Facebook Twitter Pinterest Youtube Instagram
Company
  • Privacy Policy
  • Terms & Conditions
  • Press Release
  • Contact
  • Advertisement
More Info
  • Newsletter
  • Market Data
  • Credit Cards
  • Videos

Sign Up For Free

Subscribe to our newsletter and don't miss out on our programs, webinars and trainings.

I have read and agree to the terms & conditions
Join Community

2023 © Indepta.com. All Rights Reserved.

YOUR EMAIL HAS BEEN CONFIRMED.
THANK YOU!

Welcome Back!

Sign in to your account

Lost your password?