Do you currently report metrics on insider risk mitigation to your board or executive team?

Risk Management KPIs, Metrics & Reporting

Yes - board only11%

Yes - executive team only31%

Yes - both board and executive team31%

No18%

Not yet, but we’re considering it10%

Unsure/other

62 PARTICIPANTS

215 views1 Comment

Sort by:

VP IMIT & CIO7 months ago

We report vulnerabilities, unauthorized cloud services, mandatory information security and privacy training completion rates, and other compliance issues, e.g., data security. Given the emerging dynamic threat landscape, we are constantly considering additional metrics and awareness campaigns.

Content you might like

Do you use an ERM-system that also includes cyber security risk management? What tools or systems do you use?

Does your zero trust strategy currently include legacy systems?

Yes32%

Only some legacy systems30%

Not yet - we’re working on it31%

No4%

Other2%

View Results

How do you demonstrate IT's strategic value? What metrics, outcomes, or reporting mechanisms have proven most effective for showing that IT is a driver of competitive advantage and growth?

What are some best practices to follow when your organization is preparing to end a vendor relationship? What can you do to minimize the operational disruption that would result?

Have you deployed a solution for business email compromise protection?

Yes, already deployed29%

Deployment is in progress53%

Not yet, but planning to deploy10%

No plans to deploy BEC protection7%

Don’t know/other