Do you currently report metrics on insider risk mitigation to your board or executive team?

Risk ManagementKPIs, Metrics & Reporting

Yes - board only13%

Yes - executive team only30%

Yes - both board and executive team30%

No17%

Not yet, but we’re considering it10%

Unsure/other

63 PARTICIPANTS
219 viewscircle icon1 Comment
Sort by:
VP IMIT & CIO9 months ago

We report vulnerabilities, unauthorized cloud services, mandatory information security and privacy training completion rates, and other compliance issues, e.g., data security. Given the emerging dynamic threat landscape, we are constantly considering additional metrics and awareness campaigns.

Content you might like

Can you share any effective processes/strategies you’ve used to integrate cyber risk management and enterprise risk management at your org?

Read More Comments

What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

Read More Comments

Have you implemented measures to defend against device code phishing?

Yes52%

We’re working on it45%

No/not yet3%

View Results

Do you use an ERM-system that also includes cyber security risk management? What tools or systems do you use?

Read More Comments

Which primary technology do you currently implement for log management, security monitoring, and enterprise situational awareness?

SIEM only10%

SIEM and End Point Protection69%

XDR basic core components42%

XDR full suite (SOAR, UEBA, NBAD/NTA, etc) with End Point Protection29%

None, as I don't need to. Please explain in a reply to this question7%

None, as I was not aware I needed to.1%

View Results