When presenting to the board on security, which are more impactful: leading indicators or trailing indicators?

Board EngagementKPIs, Metrics & ReportingSecurity Strategy & Roadmap
750 views3 Comments
Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
Leading indicators versus trailing indicators is the biggest thing in the private space, which is where I have all of my experience at this point, so there's a bit of bias there. But boards are looking for leading indicators. If you're talking about trailing indicators, they're useful in as much as they confirm a thing that you planned to do in the past, so it's attainment to target. For example, let’s say you wanted to implement MFA and have 99% usage across the organization. You slated that for Q1 and hit the target early in terms of proactively rolling forward and hitting these projects on time, on budget and to plan. The more of that stuff you can surface, the better.
1
Director of IT in Education, 5,001 - 10,000 employees
Leading indicators are more impactful to the board, showing the security measures implemented and the effectiveness, by showing security metrics results. Trailing indicators can show the contrast of security in place currently against the past.
Senior Manager - IT Governance in Healthcare and Biotech, 201 - 500 employees
Both lead and lag indicators serve a purpose...reliance on only one could skew the picture. I believe a balanced approach to be more beneficial...show a bit of both (learn from the past to inform the future, and learn from environmental analysis to inform decisions)

Content you might like

How would you rate your current patching processes?

Threat & Vulnerability ManagementSecurity Strategy & RoadmapProcess Management

Excellent9%

Very good54%

Good25%

Fair / acceptable9%

Poor1%

Very poor0%


313 PARTICIPANTS
866 views

CRQ is essential for effective risk-based decision making.

Risk ManagementSecurity Strategy & RoadmapGovernance, Risk & Compliance

Strongly agree4%

Agree68%

Neutral24%

Disagree2%

Strongly disagree0%


185 PARTICIPANTS
918 views

Did anyone else catch this stat on Crunchbase: "M&A deal-making in the cybersecurity space continues to slow with only 13 deals announced for VC-backed startups in the first quarter of the year"  Do you think the decrease in cybersecurity M&A is going to impact innovation or could it lead to consolidation in terms of vendor offerings (that is perhaps a needed change)?

Security Strategy & RoadmapSecurity & GRCInnovation
Read More Comments
1.2k views1 Upvote4 Comments

What's a quick win for optimizing spend? What's been your focus or "lowest hanging fruit"?

People & LeadershipStrategy & ArchitectureCloud+28 more
Read More Comments
1.5k views4 Upvotes3 Comments

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
48.6k views133 Upvotes326 Comments