Gartner research shows that 88% of boards now regard cybersecurity as a business risk, rather than a technology risk. However, decision-makers struggle to implement business-led cybersecurity investments. They often conflate cybersecurity spending with protection and ask, “How much should we spend on cybersecurity?”
Speaker Bio
Paul Proctor
Distinguished VP Analyst
Paul Proctor is a VP and Distinguished Analyst, and former Chief of Research for Risk and Security at Gartner. He leads CIO research for technology risk, cybersecurity and digital business measurement. Mr. Proctor advises CIOs, executives and boards to manage risk and balance the needs to protect with the needs to run their business. Mr. Proctor's coverage includes board reporting, outcome-driven metrics, risk management, the Cybersecurity Business Value Benchmark, and digital business transformation. His groundbreaking research in risk, value, and cost (RVC) management helps organizations prioritize and invest in the readiness of technology to support their business and mission outcomes. His work on cybersecurity as a business decision helps organizations prioritize and invest in cyber through protection level agreements (PLA) and outcome-driven metrics (ODM). In 2016, he was appointed to the University of California Cyber Risk Advisory Board by former Secretary of Homeland Security and UC President, Janet Napolitano.
Read More
Read Less
Tuesday, 26 September, 2023 / 02:30 PM - 03:00 PM BST
How Much You Should Spend on Cybersecurity in Three Steps
Wednesday, 27 September, 2023 / 12:00 PM - 12:30 PM BST
Drive Cybersecurity Investments With the Gartner Cybersecurity Value Benchmark
The metrics establish a baseline for peer comparison that is very useful for guiding cybersecurity investments and board oversight. Gartner has defined 16 protection-level outcomes that create a foundation for effective collaboration with boards of directors, CIOs and CFOs. These metrics serve as value levers to manage business-led cybersecurity investments. See early insights from the first-generation benchmark and get a preview of the second generation.
Thursday, 28 September, 2023 / 10:30 AM - 11:00 AM BST
Guide SecOps With Protection Level Outcomes
Security operation centers (SOC) are the tip of the detection and response spear. Guiding SecOps investment with outcome-driven metrics (ODM) will sharpen time to contain, time to remediate and efficiency. ODMs are easily linked back to broader cyber program outcomes and investments to create a roadmap for SecOps business value. We will share a list of ODMs and an outcome-based approach to SecOps investment.