The metrics establish a baseline for peer comparison that is very useful for guiding cybersecurity investments and board oversight. Gartner has defined 16 protection-level outcomes that create a foundation for effective collaboration with boards of directors, CIOs and CFOs. These metrics serve as value levers to manage business-led cybersecurity investments. See early insights from the first-generation benchmark and get a preview of the second generation.
Speaker Bio
Paul Proctor
Distinguished VP Analyst
Paul Proctor is a VP and Distinguished Analyst, and former Chief of Research for Risk and Security at Gartner. He leads CIO research for technology risk, cybersecurity and digital business measurement. Mr. Proctor advises CIOs, executives and boards to manage risk and balance the needs to protect with the needs to run their business. Mr. Proctor's coverage includes board reporting, outcome-driven metrics, risk management, the Cybersecurity Business Value Benchmark, and digital business transformation. His groundbreaking research in risk, value, and cost (RVC) management helps organizations prioritize and invest in the readiness of technology to support their business and mission outcomes. His work on cybersecurity as a business decision helps organizations prioritize and invest in cyber through protection level agreements (PLA) and outcome-driven metrics (ODM). In 2016, he was appointed to the University of California Cyber Risk Advisory Board by former Secretary of Homeland Security and UC President, Janet Napolitano.
Read More
Read Less
Monday, June 05, 2023 / 02:30 PM - 03:00 PM EDT
Drive Cybersecurity Investments With the Gartner Cybersecurity Value Benchmark
Tuesday, June 06, 2023 / 07:15 AM - 08:45 AM EDT
CISO Circle Breakfast: Leadership Exchange: Measure the Real Cost of Cybersecurity
The security budget is only a part of the story describing the real cost of cybersecurity. Other costs include elements like the IT budget, business friction and business partner costs. Measuring the all-in costs for security enables an organization to make better-informed decisions and gain greater control over its security costs.
Wednesday, June 07, 2023 / 10:30 AM - 11:00 AM EDT
Weaponize Risk Appetite with Protection-Level Agreements
Risk appetite fails when expressed in fuzzy, imprecise terms. Repositioning risk appetite in the context of investment and value delivery creates a measurable scale of risk that powers a new type of governance. Concrete assertions of risk appetite make executive decisions binding.