We’re very excited to announce today that Focal Point Data Risk has commissioned the Cyentia Institute to produce a follow-up installment of the Cyber Balance Sheet report. The original report was published in May of 2017 and analyzed scores of interviews with cybersecurity leaders and Boards of Directors to gather perspectives, characterize key issues, identify possible solutions, and draw these two critical groups of people together through greater understanding and purpose.
Our findings for that research showed that even basic questions on the value of cybersecurity show little consensus; things cited by Board members as most critical fell dead last among CISOs! Given that, key performance indicators sought by each group differed widely as well, inevitably resulting in diminished confidence at the top.
The chart below highlights the dilemma from different perspectives. When asked what information they find most valuable for understanding the cybersecurity posture of the company, Boards crave far more business-relevant reporting than CISOs. While this disparity may not be shocking, clearly a more equitable path forward is needed. The goal of this follow-up study is to find that path and help organizations get started down it.
Figure 1: While both groups want to see better metrics around technical security topics, Boards crave business-level metrics for cybersecurity far more than security leaders do.
And that’s where we need your help. If this topic is of interest or importance to you, we ask that you consider participating in this year’s report. For security leaders, participation will involve providing information about what is reported to the Board about the cybersecurity program. For Board members, non-security executives, risk officers, and legal council, participation will involve reviewing various types of cybersecurity metrics/reports and then sharing your opinion on their clarity, value, usefulness, etc. Any information shared with us will be anonymized and no identifying or sensitive information about you or your organization will be shared with anyone else or included in the published report.
Our research questions for this next edition of the Cyber Balance Sheet report include:
- What information is typically reported to the board? How is it formatted, contextualized, and presented?
- What information is viewed most favorably by Boards and other corporate executives? Can any be shown to increase trust?
- Do reported metrics and/or Board responses to them vary across different types of organizations and board members?
- If so, can a set of guidelines be created such that Board-level reporting is optimized for the organization and audience?
If you would like to participate or would like to know more about what that would involve, please register your interest at the 2018 Cyber Balance Sheet website. Any who participate in the study are eligible to attend the invite-only Cyber Balance Sheet Summit, which will be held at the Nasdaq MarketSite in New York, NY on May 23, 2018.
The Cyentia Institute will be handling the design, data collection, analysis, and writeup for this research. We very much look forward to working with you.