Do you currently report metrics on insider risk mitigation to your board or executive team?

KPIs, Metrics & Reporting Risk Management

Yes - board only11%

Yes - executive team only28%

Yes - both board and executive team32%

No19%

Not yet, but we’re considering it11%

Unsure/other

57 PARTICIPANTS

188 views1 Comment

Sort by:

VP IMIT & CIO3 months ago

We report vulnerabilities, unauthorized cloud services, mandatory information security and privacy training completion rates, and other compliance issues, e.g., data security. Given the emerging dynamic threat landscape, we are constantly considering additional metrics and awareness campaigns.

Content you might like

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Do you track access removal time for terminated employees as one of your cyber metrics?

Yes - for all employees47%

Yes - for certain employees45%

No8%

Unsure

View Results

Which cybersecurity metrics do you currently use with your board?

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

What’s the biggest hurdle to pursuing an identity-first security strategy?

Shadow IT 7%

Lack of centralized access processes18%

Manual access remediation 28%

Lack of for machine identity governance13%

Insufficient automation15%

Legacy tech10%

Lack of org awareness8%

Other

Unsure…

View Results

Do you currently report metrics on insider risk mitigation to your board or executive team?

Sort by:

Content you might like

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Do you track access removal time for terminated employees as one of your cyber metrics?

Which cybersecurity metrics do you currently use with your board?

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

What’s the biggest hurdle to pursuing an identity-first security strategy?

What sets us apart?

Take Your Insights On-the-Go

Do you currently report metrics on insider risk mitigation to your board or executive team?

Sort by:

Content you might like

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?If not - what is stopping you from setting this up?

Do you track access removal time for terminated employees as one of your cyber metrics?

Which cybersecurity metrics do you currently use with your board?

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

What’s the biggest hurdle to pursuing an identity-first security strategy?

What sets us apart?

Take Your Insights On-the-Go

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?