Which cybersecurity program metrics are you presenting to your respective boards? What are the hot topics of interest for 2025?

Security Strategy & RoadmapBoard Engagement
846 viewscircle icon4 Comments
Sort by:
CISO in Software8 months ago

Insider risks and DLP effectiveness is the hot new topic in 2025 for Boards.

2 Replies
no title8 months ago

What metrics do you use to show effectiveness of insider risk mitigation?

no title8 months ago

I would love to see some examples that organizations are using

Lightbulb on1
Director of Information Security in Healthcare and Biotech8 months ago

Typical Cyber Metrics are phishing clicks, incidents, security awareness trainings and of course key risks. 

Content you might like

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

What are your top priorities for Identity & Access Management (IAM)?

Privileged access management (PAM)41%

User authentication (e.g., passwordless, MFA, biometrics)72%

Machine identity management (e.g., keys, certificates, secrets)38%

Mobile & IoT authentication18%

Cloud IAM & Governance18%

View Results

What are some of the main factors contributing to stress while working in cybersecurity?

Inadequate work-life balance38%

Lack of practicing self-care40%

Shortage of staff and resources56%

Keeping up with an influx of threats/alerts/incidents45%

Pressure from colleagues and management35%

Work culture that prevents open and honest conversations19%

Other – comment below

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?