What benchmarks do you consider most valuable for cybersecurity? Can you recommend any favorites you’ve found especially useful?

Security & GRCSecurity Strategy & Roadmap
471 viewscircle icon3 Comments
Sort by:
CISO in Government9 months ago

Benchmarks are generally useful but shouldn't be solely used for informing how 'well' a cyber security team is performing. Benchmarks should be used in conjunction with your organisation's risk appetite, an understanding of organisational culture and cyber risk quantification of high risk areas.

Global 3 x CISO (CISO) in Software9 months ago

benchmarks can be challenging in cybersecurity, recently, using external 'scoring' vendor to benchmark external cybersecurity posture, coupled with internal vulnerability metrics, phishing awareness metrics, as well as a CMM (maturity model) alignment to NIST CSF, we were able to show trending of overall program effectiveness. It took some effort to initial explain and gain understanding from executive team. Was the best we could do in the recent past.

CISO in Software9 months ago

Patching will always be #1 in my experience!

Content you might like

In the next 6 months, which will your company do?

Invest more in eCommerce33%

Maintain the current investment in eCommerce61%

Invest less in eCommerce5%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

What do you think of the current state of collaboration between your org’s IT and infosec teams when it comes to vulnerability patching?

Excellent1%

Very good75%

Good12%

Bad11%

Very bad

View Results