What benchmarks do you consider most valuable for cybersecurity? Can you recommend any favorites you’ve found especially useful?

CISO in Government, 9 months ago

Benchmarks are generally useful but shouldn't be solely used for informing how 'well' a cyber security team is performing. Benchmarks should be used in conjunction with your organisation's risk appetite, an understanding of organisational culture and cyber risk quantification of high risk areas.

Global 3 x CISO (CISO) in Software, 9 months ago

Benchmarks can be challenging in cybersecurity. Recently, using an external 'scoring' vendor to benchmark external cybersecurity posture, coupled with internal vulnerability metrics, phishing awareness metrics, as well as a CMM (maturity model) alignment to NIST CSF, we were able to show trending of overall program effectiveness. It took some effort to initially explain and gain understanding from the executive team. It was the best we could do in the recent past.

CISO in Software, 9 months ago

Patching will always be #1 in my experience!
