Over the past few weeks, there have been several discussions on the presence of cyber security in the board room, and the challenges boards are facing when it comes to mitigating security risk.
A recent McKinsey article, “Why senior leaders are the front line against cyberattacks,” spelled out several of these hurdles, one of which is something we hear repeatedly from our customers:
“…cybersecurity risk is difficult to quantify. There’s no single quantitative metric such as value at risk for cybersecurity, making it much harder to communicate the urgency to senior managers and engage them in required decisions. As one chief financial officer told us, “It feels like we’re constantly spending more on security, but I have no idea whether that’s enough or even what it does.””
To make such measurement worthwhile, it needs to be objective and the methods repeatable. It requires lots of data, and many resources – something most organizations don’t have easy access to. Using Security Ratings, companies are able to look at their performance over time, and compare that against peers and competitors to gain tremendous insights about the impact of strategy and investment on their effectiveness.