Do you currently report metrics on insider risk mitigation to your board or executive team?
Yes - board only12%
Yes - executive team only28%
Yes - both board and executive team32%
No18%
Not yet, but we’re considering it10%
Unsure/other
60 PARTICIPANTS
We report vulnerabilities, unauthorized cloud services, mandatory information security and privacy training completion rates, and other compliance issues, e.g., data security. Given the emerging dynamic threat landscape, we are constantly considering additional metrics and awareness campaigns.