Tenable releases findings of survey
on cybersecurity benchmarking
he findings of a study
conducted by Tenable on
companies’ use of benchmark
data have been revealed. The study
found that nearly three quarters
(73%) of the 280 IT and security
professionals polled at this year’s
Infosecurity Europe event confirmed
the importance of using metrics to
benchmark their cyberexposure.
data available. More than a quarter
of respondents (26%) said they don’t
currently benchmark against their peers
and would like to do so.
T
A fifth of respondents (21%) said they did
not currently use any benchmark data
when communicating with the board of
directors or c-suite – although they would
like to do so. Only 18% said they saw no
value in sharing such data with c-level
leadership and the majority of survey
respondents (54%) said they were already
comparing their organisation’s metrics
against those of their industry peers.
Speaking about the findings, Tenable’s
Technical Director, Gavin Millard, said:
“The ability to proactively measure
and demonstrate how cyberexposure
risk changes over time is crucial
to communicating the value of
cybersecurity investments to the c-suite
and board of directors.
Tenable’s Technical Director, Gavin Millard
Yet, more than a third of these
respondents (35%) say they would like
comparative peer data; only 19% said
they are happy with the benchmark
“Equally important is the ability to show
how an organisation’s cyberexposure
management efforts compare to that of
its peers. Yet, the vast majority of IT and
cybersecurity professionals surveyed
by Tenable said they’re not happy with
the benchmarking data they use to
demonstrate the effectiveness of their
security programme to business leaders.
“In order to understand where an
organisation is exposed, and determine
which cybersecurity efforts are most
effective, you need visibility into
vulnerabilities and threats. But such
visibility is only the beginning. You also
need the ability to analyse the data and
track the organisation’s ability to react
appropriately when issues are discovered.
“Data showing how your cyberexposure
posture has improved over time –
and how it stacks up against that
of your industry peers – allows you
to demonstrate the value of your
cybersecurity investments and support
your requests for additional resources.
The ability to share these cyberexposure
benchmarks with your c-suite and board
helps you improve their understanding of
the organisation’s risk posture.” u
60
Issue 05
|
www.intelligentciso.com