Published: 31 August 2023
Summary
Effective cybersecurity is predicated on a defensible security program. Cybersecurity leaders should use this research to explore the characteristics of, and build, an ongoing security program that is defensible and ensures a balance between protection and the need to run the business.
Included in Full Research
Overview
Key Findings
Senior executives are increasingly pressured to demonstrate that their organizations are practicing due diligence in dealing with cybersecurity threats and risks.
Security programs often lack appropriate defensibility at the business level, leading to mistrust and inappropriate business support and investment.
Many security programs still focus on ticking compliance boxes. This keeps them from achieving effective, risk-based security outcomes.
Business leaders continue to treat security as a business inhibitor due to the lack of a defensible security program that links to business outcomes.
A defensible cybersecurity program can provide evidence of adequate diligence after security breaches and support regulatory disclosure requirements.