{"id":9248,"date":"2023-08-12T07:05:17","date_gmt":"2023-08-12T07:05:17","guid":{"rendered":"https:\/\/mysourcefunding.com\/startups\/a-reality-check-around-cybersecurity-benchmarking\/"},"modified":"2023-08-12T07:05:18","modified_gmt":"2023-08-12T07:05:18","slug":"a-reality-check-around-cybersecurity-benchmarking","status":"publish","type":"post","link":"https:\/\/mysourcefunding.com\/?p=9248","title":{"rendered":"A Reality Check Around Cybersecurity Benchmarking"},"content":{"rendered":"<div>\n<p><em>Founder &amp; CEO, <\/em><em data-ga-track=\"ExternalLink:https:\/\/corixpartners.com\/\">Corix Partners<\/em><em> | Author &#8220;The Cybersecurity Leadership Handbook for the CISO and the CEO&#8221; | Board Advisor | Non-Exec Director<\/em><\/p>\n<p>For as long as I have been involved in cybersecurity, I have heard top executives asking for benchmarking data around their cybersecurity practice. It might have been in terms of maturity, security spending or frequency of breaches, but \u201chow are the others doing\u201d has always been a fairly common question.<\/p>\n<p>I think this goes way beyond \u201cherd mentality,\u201d and context is key to positioning the right answer. So before going any further, CISOs facing this type of situation must ask themselves where the concern is coming from.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Consider the context.<\/h2>\n<p>If the question is coming up in a context of budgetary or strategic orientation discussions, it often reflects a need for reassurance, if not plain discomfort, with regard to what is being proposed.<\/p>\n<p><fbs-ad position=\"inread\" progressive=\"\" ad-id=\"article-0-inread\" aria-hidden=\"true\" role=\"presentation\"><\/fbs-ad><\/p>\n<p>Top executives should know that each organization is different, even across the same industry (many would have built their careers moving from one firm to another across that spectrum).<\/p>\n<p>They should also understand that differences in cyber maturity and risk appetite can drive different approaches and that organizations don\u2019t easily share sufficient quantitative data at that level to allow meaningful comparisons: They\u2014themselves\u2014may not be comfortable seeing disclosed to competitors how much they are budgeting for cybersecurity for example.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Companies typically don&#8217;t have enough data for an accurate comparison.<\/h2>\n<p>The objective could be to drive the CISO\u2019s ambitions up or down, but in most cases, the benchmarking question is politically loaded, and it has never been a simple one to answer quantitatively with any degree of accuracy.<\/p>\n<p>I&#8217;ve noticed most CISOs have historically tried to address it in a qualitative manner based on anecdotal evidence gathered at conferences or through industry forums, but window-dressing a few anecdotal data points to make them look bigger than they are can be a dangerous and misleading game.<\/p>\n<p>Only a small number of very large management consulting firms might have the necessary elements of data\u2014or the reach to collect it. But even that reach is likely to be limited to the large firms able to afford their services, and they will have to anonymize or aggregate the findings to respect the confidentiality of their clients.<\/p>\n<p>CISOs might be better off in many cases by sidestepping the question. For most firms, there is simply no defendable, sufficiently accurate, quantitative answer to the cybersecurity benchmarking question.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">CISOs should focus instead on the underlying motivation of the senior executives behind the question.<\/h2>\n<p>Trust between executives is of paramount importance to any transformative initiative around cybersecurity, and the benchmarking question could be a symptom of trust erosion. That\u2019s a far more serious matter to address than the collection of illusory comparative data.<\/p>\n<p>Trust\u2014at this level\u2014will have its foundations in mutual respect, and that has to start for the CISO by listening to the real priorities and constraints of the leadership team and understanding the implications these may have on cybersecurity orientations, for good or for bad.<\/p>\n<p>They will have to elevate their game to look convincingly beyond the tech horizon and showcase their understanding of the key governance and management matters at the heart of the cross-functional nature of cybersecurity in large firms.<\/p>\n<p>As the \u201cwhen-not-if\u201d paradigm around cyberattacks becomes prevalent across the boardroom, CISOs must also focus their attention on demonstrating their long-term ability to execute transformative measures and stop relying only on their short-term firefighting skills to build up their case.<\/p>\n<p>It is likely that benchmarking will cease to be a concern for senior executives if they have the sense cybersecurity is in firm hands and driven in a direction that matches their expectations and the needs of the firm.<\/p>\n<p>Forbes Business Council is the foremost growth and networking organization for business owners and leaders. <em data-ga-track=\"InternalLink:https:\/\/councils.forbes.com\/qualify?utm_source=forbes.com&amp;utm_medium=referral&amp;utm_campaign=forbes-links&amp;utm_term=fbc&amp;utm_content=in-article-ad-links\">Do I qualify?<\/em><\/p>\n<\/div>\n<p>Read the full article <a href=\"https:\/\/www.forbes.com\/sites\/forbesbusinesscouncil\/2023\/08\/11\/a-reality-check-around-cybersecurity-benchmarking\/\" target=\"_blank\" rel=\"noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Founder &amp; CEO, Corix Partners | Author &#8220;The Cybersecurity Leadership Handbook for the CISO and the CEO&#8221; | Board Advisor | Non-Exec Director For as long as I have been involved in cybersecurity, I have heard top executives asking for benchmarking data around their cybersecurity practice. It might have been in terms of maturity, security [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9249,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[77],"tags":[],"class_list":{"0":"post-9248","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-startups"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A Reality Check Around Cybersecurity Benchmarking | Brandiary<\/title>\n<meta name=\"description\" content=\"Founder &amp; CEO, Corix Partners | Author &quot;The Cybersecurity Leadership Handbook for the CISO and the CEO&quot; | Board Advisor | Non-Exec Director For as\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mysourcefunding.com\/?p=9248\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Reality Check Around Cybersecurity Benchmarking | Brandiary\" \/>\n<meta property=\"og:description\" content=\"Founder &amp; CEO, Corix Partners | Author &quot;The Cybersecurity Leadership Handbook for the CISO and the CEO&quot; | Board Advisor | Non-Exec Director For as\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mysourcefunding.com\/?p=9248\" \/>\n<meta property=\"og:site_name\" content=\"Brandiary\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-12T07:05:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-12T07:05:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/08\/1691823918_0x0.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"News Room\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"News Room\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/mysourcefunding.com\/?p=9248#article\",\"isPartOf\":{\"@id\":\"https:\/\/mysourcefunding.com\/?p=9248\"},\"author\":{\"name\":\"News Room\",\"@id\":\"https:\/\/mysourcefunding.com\/#\/schema\/person\/5062dafb0f932b59aa228f1a047332f4\"},\"headline\":\"A Reality Check Around Cybersecurity Benchmarking\",\"datePublished\":\"2023-08-12T07:05:17+00:00\",\"dateModified\":\"2023-08-12T07:05:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mysourcefunding.com\/?p=9248\"},\"wordCount\":655,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/mysourcefunding.com\/#organization\"},\"articleSection\":[\"Startups\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/mysourcefunding.com\/?p=9248#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mysourcefunding.com\/?p=9248\",\"url\":\"https:\/\/mysourcefunding.com\/?p=9248\",\"name\":\"A Reality Check Around Cybersecurity Benchmarking | Brandiary\",\"isPartOf\":{\"@id\":\"https:\/\/mysourcefunding.com\/#website\"},\"datePublished\":\"2023-08-12T07:05:17+00:00\",\"dateModified\":\"2023-08-12T07:05:18+00:00\",\"description\":\"Founder &amp; CEO, Corix Partners | Author \\\"The Cybersecurity Leadership Handbook for the CISO and the CEO\\\" | Board Advisor | Non-Exec Director For as\",\"breadcrumb\":{\"@id\":\"https:\/\/mysourcefunding.com\/?p=9248#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mysourcefunding.com\/?p=9248\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mysourcefunding.com\/?p=9248#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/mysourcefunding.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Reality Check Around Cybersecurity Benchmarking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mysourcefunding.com\/#website\",\"url\":\"https:\/\/mysourcefunding.com\/\",\"name\":\"Brandiary\",\"description\":\"Latest Business and Startup News and Updates\",\"publisher\":{\"@id\":\"https:\/\/mysourcefunding.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mysourcefunding.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/mysourcefunding.com\/#organization\",\"name\":\"Brandiary\",\"url\":\"https:\/\/mysourcefunding.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mysourcefunding.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/b-logo-1.png\",\"contentUrl\":\"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/b-logo-1.png\",\"width\":381,\"height\":100,\"caption\":\"Brandiary\"},\"image\":{\"@id\":\"https:\/\/mysourcefunding.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/mysourcefunding.com\/#\/schema\/person\/5062dafb0f932b59aa228f1a047332f4\",\"name\":\"News Room\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mysourcefunding.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/avatar_user_1_1688031660-96x96.png\",\"contentUrl\":\"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/avatar_user_1_1688031660-96x96.png\",\"caption\":\"News Room\"},\"sameAs\":[\"https:\/\/mysourcefunding.com\"],\"url\":\"https:\/\/mysourcefunding.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Reality Check Around Cybersecurity Benchmarking | Brandiary","description":"Founder &amp; CEO, Corix Partners | Author \"The Cybersecurity Leadership Handbook for the CISO and the CEO\" | Board Advisor | Non-Exec Director For as","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mysourcefunding.com\/?p=9248","og_locale":"en_US","og_type":"article","og_title":"A Reality Check Around Cybersecurity Benchmarking | Brandiary","og_description":"Founder &amp; CEO, Corix Partners | Author \"The Cybersecurity Leadership Handbook for the CISO and the CEO\" | Board Advisor | Non-Exec Director For as","og_url":"https:\/\/mysourcefunding.com\/?p=9248","og_site_name":"Brandiary","article_published_time":"2023-08-12T07:05:17+00:00","article_modified_time":"2023-08-12T07:05:18+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/08\/1691823918_0x0.jpg","type":"image\/jpeg"}],"author":"News Room","twitter_card":"summary_large_image","twitter_misc":{"Written by":"News Room","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mysourcefunding.com\/?p=9248#article","isPartOf":{"@id":"https:\/\/mysourcefunding.com\/?p=9248"},"author":{"name":"News Room","@id":"https:\/\/mysourcefunding.com\/#\/schema\/person\/5062dafb0f932b59aa228f1a047332f4"},"headline":"A Reality Check Around Cybersecurity Benchmarking","datePublished":"2023-08-12T07:05:17+00:00","dateModified":"2023-08-12T07:05:18+00:00","mainEntityOfPage":{"@id":"https:\/\/mysourcefunding.com\/?p=9248"},"wordCount":655,"commentCount":0,"publisher":{"@id":"https:\/\/mysourcefunding.com\/#organization"},"articleSection":["Startups"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mysourcefunding.com\/?p=9248#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mysourcefunding.com\/?p=9248","url":"https:\/\/mysourcefunding.com\/?p=9248","name":"A Reality Check Around Cybersecurity Benchmarking | Brandiary","isPartOf":{"@id":"https:\/\/mysourcefunding.com\/#website"},"datePublished":"2023-08-12T07:05:17+00:00","dateModified":"2023-08-12T07:05:18+00:00","description":"Founder &amp; CEO, Corix Partners | Author \"The Cybersecurity Leadership Handbook for the CISO and the CEO\" | Board Advisor | Non-Exec Director For as","breadcrumb":{"@id":"https:\/\/mysourcefunding.com\/?p=9248#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mysourcefunding.com\/?p=9248"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/mysourcefunding.com\/?p=9248#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mysourcefunding.com\/"},{"@type":"ListItem","position":2,"name":"A Reality Check Around Cybersecurity Benchmarking"}]},{"@type":"WebSite","@id":"https:\/\/mysourcefunding.com\/#website","url":"https:\/\/mysourcefunding.com\/","name":"Brandiary","description":"Latest Business and Startup News and Updates","publisher":{"@id":"https:\/\/mysourcefunding.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mysourcefunding.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mysourcefunding.com\/#organization","name":"Brandiary","url":"https:\/\/mysourcefunding.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mysourcefunding.com\/#\/schema\/logo\/image\/","url":"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/b-logo-1.png","contentUrl":"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/b-logo-1.png","width":381,"height":100,"caption":"Brandiary"},"image":{"@id":"https:\/\/mysourcefunding.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/mysourcefunding.com\/#\/schema\/person\/5062dafb0f932b59aa228f1a047332f4","name":"News Room","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mysourcefunding.com\/#\/schema\/person\/image\/","url":"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/avatar_user_1_1688031660-96x96.png","contentUrl":"https:\/\/mysourcefunding.com\/wp-content\/uploads\/2023\/06\/avatar_user_1_1688031660-96x96.png","caption":"News Room"},"sameAs":["https:\/\/mysourcefunding.com"],"url":"https:\/\/mysourcefunding.com\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/posts\/9248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9248"}],"version-history":[{"count":1,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/posts\/9248\/revisions"}],"predecessor-version":[{"id":9250,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/posts\/9248\/revisions\/9250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=\/wp\/v2\/media\/9249"}],"wp:attachment":[{"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mysourcefunding.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}