Cybersecurity Benchmarking: Where’s The Data?

Gavin Millard

When it comes to communicating with the C-suite and Board of Directors about their organization’s cyber exposure, few IT and security professionals are happy with the benchmarking data currently available.

The ability to proactively measure and demonstrate how cyber exposure risk changes over time is crucial to communicating the value of cybersecurity investments to the C-suite and Board of Directors. Equally important is the ability to show how an organization’s cyber exposure management efforts compare to that of its peers. Yet, the vast majority of IT and cybersecurity professionals surveyed by Tenable said they’re not happy with the benchmarking data they use to demonstrate the effectiveness of their security program to business leaders.

These are the findings of a poll we conducted during last month’s Infosecurity Europe conference in London. Nearly three quarters (73%) of the 280 IT and security professionals we polled at the event confirmed the importance of using metrics to benchmark their cyber exposure.

The majority of respondents (80%) said they see value in sharing benchmarking data to demonstrate the effectiveness of their security program to the Board of Directors or C-suite. Yet, only 59% of respondents said they currently leverage benchmarking data.

Even more alarming, a fifth of respondents (21%) said they do not currently use any benchmark data when communicating with the Board of Directors or C-suite -- though they would like to do so. Only 18% said they see no value in sharing such data with C-level leadership.

Why Cyber Exposure Benchmarking Matters

In order to understand where an organization is exposed, and determine which cybersecurity efforts are most effective, you need visibility into vulnerabilities and threats. But such visibility is only the beginning. You also need the ability to analyze the data and track the organization’s ability to react appropriately when issues are discovered.

Data showing how your cyber exposure posture has improved over time -- and how it stacks up against that of your industry peers -- allows you to demonstrate the value of your cybersecurity investments and support your requests for additional resources. The ability to share these cyber exposure benchmarks with your C-suite and board helps you improve their understanding of the organization’s risk posture.

The majority of survey respondents (54%) said they are already comparing their organization’s metrics against those of their industry peers. Yet, more than a third of these respondents (35%) say they would like comparative peer data; only 19% said they are happy with the benchmark data available. More than a quarter of respondents (26%) said they don’t currently benchmark against their peers and would like to do so.

What does effective cyber exposure benchmarking look like?

Through our work with cybersecurity professionals, we’ve identified four key questions every organization needs to be able to answer to communicate cyber risk to the business:

  • Where are we exposed?
  • Where should we prioritize efforts based on risk?
  • How are we reducing our exposure over time?
  • How does our cyber hygiene compare to our peers?

We recognize how challenging it is in today’s enterprise environment for you to answer these key questions. You’re faced with a mountain of data, much of it static and drawn from multiple spreadsheets, and you’re expected to turn it into the kinds of insights business leaders can use. Effective cyber exposure benchmarking requires live and holistic visibility across every asset in your organization -- not only your IT assets and cloud infrastructure, but your organization’s internet of things (IoT) tools and industrial control systems.

Cyber exposure benchmarking provides an objective way for you to measure and communicate cyber risk to business leaders, who can then use it to make strategic decisions. Knowing which areas of your business are secure - or exposed - and measuring your organization against a larger set of peer data opens up a whole new set of discussions and decisions about where your organization needs to focus.

Learn more about cyber exposure

Read more >

Published on Jul 30, 2018

People also viewed

Customer Success Manager - ANZ

North Sydney Australia Pacific Highway, North Sydney, Australia, NSW 2060 Customer Success Sales
Your Role:Tenable has an immediate need for a Customer Success Manager who will be responsible for establishing and driving sales activities for our software products within a designated geography.Companies today are grappling with an ever expandi...

Field and Channel Marketing Manager, Nordics and Benelux

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Field & Channel Marketing Marketing
Your Role:Tenable seeks an experienced field and channel marketing manager to generate demand for Tenable products and solutions across our Scandinavia and Benelux territories.  The successful candidate will have demonstrated experience creating, ...

Finance & Investor Relations Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Finance Internships
Your Role:Tenable has a Finance and Investor Relations Intern opportunity for college students entering their senior year or actively enrolled in an MBA program. If you're looking for a chance to apply what you're learning in your degree program, ...

Senior Data Engineer

Dublin Ireland Campshires, Sir John Rogerson's Quay, Dublin, Ireland Research Engineering
Your Role:Data Engineers here are involved in designing, developing and maintaining systems for data analysis, transformation, modelling and visualisation. We work directly with the data scientists to develop cutting edge uses of the data we colle...

Technical Support Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Technical Support Technical Support
Your Role:Tenable is seeking a high energy, results oriented customer advocate capable of motivating an already exceptional support team to even higher levels of customer satisfaction. Our current global rating is over 93% satisfaction and we expe...

Cloud Security Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Information Security Internships
Your Role: The Cloud Security Intern will help the Tenable secure their use of cloud systems across the company.  The intern will develop, implement and monitor security solutions for cloud that assess risk, keep Tenable data safe and bake in secu...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.