Over the last few quarters, the Verodin team and I have been traveling across the US and abroad. We’ve been giving speeches and collecting security statistics from hundreds of audience members via real-time polling software.
The results of these polls have created an interesting cross-section of perspectives. My audiences generally include red and blue security teams, auditors, security executives, and individuals representing various non-technical, non-security leadership roles across government organizations, financial services, transportation, telecom, retail, healthcare, and oil and gas, just to name a few.
For this blog, let’s take a look at the polling question: “Does your leadership leverage security metrics for business decisions?”
I’m very optimistic about these clustered results. While 49 percent voted that they “rarely or never” use security metrics for business decisions, a whopping 51 percent voted for “half the time,” “usually,” or “always.”
So, just over half of the respondents use security metrics for business decisions at least half the time. To me, this was a surprising and positive outcome of the poll and illustrates the importance that many organizations are placing upon security for business decisions.
It was great to see that 33 percent of respondents “usually” or “always” use security metrics for business decisions. While promising, this also shows, to me, that we have a lot of room for improvement as an industry.
Organizational leaders want and need to leverage security metrics as part of their decision-making processes. It is becoming more apparent that security is no longer about cyber risk, but instead about the financial, operational, and brand risk from cyber. However, the fact that we all know security is a business imperative doesn’t mean that all organizations are at the same point on the maturity curve.