Security Performance Management

New Forrester Study Highlights Need for Security Performance Management

Alex Campanelli | September 5, 2019

In a new Forrester study commissioned by BitSight, Better Security And Business Outcomes With Security Performance Management, key findings indicate a strong need for businesses worldwide to invest in a robust security performance management program. In fact, results from this study showed that companies using formal security metrics are more likely to have seen a 10% or greater increase in their security budget in the last year. Ultimately, this investment allows organizations to leverage this information to win business.

It seems like we hear about a new data breach or cyber incident almost daily. According to this study, in fact, 80% of companies surveyed experienced a security or cyber incident in the past year, the most common being malware attacks. 

In this commissioned study, Forrester conducted an online study with 207 security decision-makers with responsibility for risk, compliance, and/or communications with boards of directors to explore the topic of managing internal cybersecurity performance. 

It’s clear that companies increasingly realize that a strong security posture is critical to earning customer trust, securing intellectual property, and protecting their brand identity. Customers want to do business with secure businesses — and since empowered customers can easily move their business elsewhere if they feel vulnerable, security decision-makers must seek to understand and quantify their program’s effectiveness, and measure its impact on business objectives. They need to be on the lookout for indications of failure that will harm the business most. Survey respondents confirmed this by stating that they are more likely to do business with companies with good security, as they know their data and intellectual property are protected. 

The need for a security performance measurement solution

Notably, one key finding from this study emphasizes the need for quantifiable metrics, including security ratings, when managing security performance. When surveyed, respondents said that improved security measurement would greatly improve company financial performance and reduce risk. In fact, nearly three-quarters of C-level respondents confirmed that improved security performance measurement would greatly or significantly improve company financial performance. More than half of companies overall say improving measurement would reduce overall risk.

In addition to reducing overall risk for the business, improving security measurement within an organization can also improve its financial performance. First and foremost, you can’t manage what you can’t measure. Quantifiable security metrics are becoming critical to planning budgets and allocating resources, but the maturity of managing security as a business is still relatively low. 

Security is evolving into a business discipline, and so it is being treated like one: 70% of decision-makers agree that scrutiny of security spending efficiency is increasing. And like other business disciplines, formal metrics have emerged as the key method to justify investments (an approach at 63% of companies surveyed). In fact, 49% of decision-makers said that cybersecurity risk ratings are in their top 5 preferred metrics.

In addition to reducing overall risk for the business, improving security measurement can have a direct impact on its financial performance, as validated by these study results. Today, 45% of security and risk leaders use security ratings to measure the performance of their cybersecurity program. At BitSight, our customers use security ratings to align investments and actions with the highest measurable impact over time, efficiently allocate limited resources on the most critical areas of cyber risk within their organization, and facilitate data-driven conversations around cybersecurity among key stakeholders.

By leveraging security ratings, organizations can be confident they are measuring themselves on the same scale that the majority of their key stakeholders are measuring them on as well, be it their partners, regulators, investors, executives, or board members.

Want to learn more about these Forrester study results? Join us for the live webinar on 9/25.
