By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

Your #1 guide to start a business and grow it the right way…

BuckheadFunds

  • Home
  • Startups
  • Start A Business
    • Business Plans
    • Branding
    • Business Ideas
    • Business Models
    • Fundraising
  • Growing a Business
  • Funding
  • More
    • Tax Preparation
    • Leadership
    • Marketing
Subscribe
Aa
BuckheadFundsBuckheadFunds
  • Startups
  • Start A Business
  • Growing a Business
  • Funding
  • Leadership
  • Marketing
  • Tax Preparation
Search
  • Home
  • Startups
  • Start A Business
    • Business Plans
    • Branding
    • Business Ideas
    • Business Models
    • Fundraising
  • Growing a Business
  • Funding
  • More
    • Tax Preparation
    • Leadership
    • Marketing
Made by ThemeRuby using the Foxiz theme Powered by WordPress
BuckheadFunds > Startups > A Reality Check Around Cybersecurity Benchmarking

A Reality Check Around Cybersecurity Benchmarking

News Room By News Room August 12, 2023 5 Min Read
Share

Founder & CEO, Corix Partners | Author “The Cybersecurity Leadership Handbook for the CISO and the CEO” | Board Advisor | Non-Exec Director

For as long as I have been involved in cybersecurity, I have heard top executives asking for benchmarking data around their cybersecurity practice. It might have been in terms of maturity, security spending or frequency of breaches, but “how are the others doing” has always been a fairly common question.

I think this goes way beyond “herd mentality,” and context is key to positioning the right answer. So before going any further, CISOs facing this type of situation must ask themselves where the concern is coming from.

Consider the context.

If the question is coming up in a context of budgetary or strategic orientation discussions, it often reflects a need for reassurance, if not plain discomfort, with regard to what is being proposed.

Top executives should know that each organization is different, even across the same industry (many would have built their careers moving from one firm to another across that spectrum).

They should also understand that differences in cyber maturity and risk appetite can drive different approaches and that organizations don’t easily share sufficient quantitative data at that level to allow meaningful comparisons: They—themselves—may not be comfortable seeing disclosed to competitors how much they are budgeting for cybersecurity for example.

Companies typically don’t have enough data for an accurate comparison.

The objective could be to drive the CISO’s ambitions up or down, but in most cases, the benchmarking question is politically loaded, and it has never been a simple one to answer quantitatively with any degree of accuracy.

I’ve noticed most CISOs have historically tried to address it in a qualitative manner based on anecdotal evidence gathered at conferences or through industry forums, but window-dressing a few anecdotal data points to make them look bigger than they are can be a dangerous and misleading game.

Only a small number of very large management consulting firms might have the necessary elements of data—or the reach to collect it. But even that reach is likely to be limited to the large firms able to afford their services, and they will have to anonymize or aggregate the findings to respect the confidentiality of their clients.

CISOs might be better off in many cases by sidestepping the question. For most firms, there is simply no defendable, sufficiently accurate, quantitative answer to the cybersecurity benchmarking question.

CISOs should focus instead on the underlying motivation of the senior executives behind the question.

Trust between executives is of paramount importance to any transformative initiative around cybersecurity, and the benchmarking question could be a symptom of trust erosion. That’s a far more serious matter to address than the collection of illusory comparative data.

Trust—at this level—will have its foundations in mutual respect, and that has to start for the CISO by listening to the real priorities and constraints of the leadership team and understanding the implications these may have on cybersecurity orientations, for good or for bad.

They will have to elevate their game to look convincingly beyond the tech horizon and showcase their understanding of the key governance and management matters at the heart of the cross-functional nature of cybersecurity in large firms.

As the “when-not-if” paradigm around cyberattacks becomes prevalent across the boardroom, CISOs must also focus their attention on demonstrating their long-term ability to execute transformative measures and stop relying only on their short-term firefighting skills to build up their case.

It is likely that benchmarking will cease to be a concern for senior executives if they have the sense cybersecurity is in firm hands and driven in a direction that matches their expectations and the needs of the firm.

Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?

Read the full article here

News Room August 12, 2023 August 12, 2023
Share This Article
Facebook Twitter Copy Link Print
Previous Article 16 Tips For Long-Term Collaboration With High-Level Assistants
Next Article Dwyane Wade on Retirement, Business and the NBA Hall of Fame
Leave a comment Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Wake up with our popular morning roundup of the day's top startup and business stories

Stay Updated

Get the latest headlines, discounts for the military community, and guides to maximizing your benefits
Subscribe

Top Picks

The PR Playbook Every Startup Needs — But No One Talks About
July 15, 2025
6 Ways to Start a Corporate Social Responsibility Program With Real Impact
July 15, 2025
‘People Are Going to Die’: A Malnutrition Crisis Looms in the Wake of USAID Cuts
July 15, 2025
How Young People Earn 5 Figures Without a 9-5 Job: Report
July 15, 2025
Coworking with Scott Morris
July 15, 2025

You Might Also Like

‘People Are Going to Die’: A Malnutrition Crisis Looms in the Wake of USAID Cuts

Startups

Tornado Cash Made Crypto Anonymous. Now One of Its Creators Faces Trial

Startups

Linda Yaccarino Tried to Tame X. Now She’s Out as CEO

Startups

The Teens Are Taking Waymos Now

Startups

© 2024 BuckheadFunds. All Rights Reserved.

Helpful Links

  • Privacy Policy
  • Terms of use
  • Press Release
  • Advertise
  • Contact

Resources

  • Start A Business
  • Funding
  • Growing a Business
  • Leadership
  • Marketing

Popuplar

Franchise Success Starts at The Local Level — Here’s Why
Why Waiting for Monthly Financial Reports Is Creating Blind Spots and Slowing Your Growth
Tornado Cash Made Crypto Anonymous. Now One of Its Creators Faces Trial

We provide daily business and startup news, benefits information, and how to grow your small business, follow us now to get the news that matters to you.

Welcome Back!

Sign in to your account

Lost your password?