What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

740 views1 Upvote3 Comments

Sort by:

CISO in Insurance (except health)a month ago

All top executives are concerned about translating risks into monetary terms. Therefore, Cyber Risk Quantification, along with other key metrics aligned to NIST, is essential.

Director of Information Security in Healthcare and Biotecha month ago

If it helps, board gets something like below..

Residual Risk Scores (heatmap and trend view)
Top 5 Threats (e.g., phishing, malware, supply chain attacks)
Incident Response Metrics
Capability Maturity & Strategic Alignment
Trends

1 1 Reply

no titlea month ago

that's helpful, many thanks

Content you might like

Cyber insurance is a must-have for any business.

Strongly agree13%

Agree52%

Neutral26%

Disagree2%

Strongly disagree3%

Unsure (explain in the comments)1%

View Results

There has been an upswell in demand for the use of MCP servers for our development community. What security criteria and considerations do you use for performing a security review, hardening and approval process?

The use of Generative AI in the textile and industrial sectors — for instance in fashion companies or in the creation of marketing content — carries significant risks if not supported by adequate detection and risk management tools. Generative models may unintentionally incorporate elements protected by intellectual property rights, such as registered styles, patented designs, or content belonging to other fashion houses.

A notable example is the “Studio Ghibli” case, where AI-generated works reproduced distinctive, protected features.

In this context, how should Risk Managers equip themselves to prevent and mitigate such risks, ensuring innovation while avoiding legal violations and reputational damage?

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

On average, how many phishing messages do you receive per week? (Includes email, SMS, voicemails, etc.)

0-111%

2-565%

6-1015%

11 or more7%

View Results

What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

Sort by:

Content you might like

Cyber insurance is a must-have for any business.

There has been an upswell in demand for the use of MCP servers for our development community. What security criteria and considerations do you use for performing a security review, hardening and approval process?

On average, how many phishing messages do you receive per week? (Includes email, SMS, voicemails, etc.)

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go