Putting Preparedness in Context: Comparing Your Security Performance to Other Companies in Your Industry
Melissa Stevens | July 23, 2014
David Burg, Principal at PricewaterhouseCoopers, said recently that businesses are moving beyond mere compliance when assessing their security postures. Companies now view outstanding security performance as a major competitive advantage. How does your company stack up against others in the industry? Benchmarks let you know whether you’re getting the most from your security investment and whether your performance is keeping you at the top of your game.
Benchmarking isn’t just about meeting certain numbers--it’s about understanding those numbers within the context of your industry. When you’re analyzing security performance, it’s important to answer these three questions:
What is your comparative security risk profile?
Cyber attackers prefer to focus their efforts on certain industries, and right now, they’re targeting healthcare. Echoing our latest BitSight Insights analysis findings, the Washington Post noted that 43 percent of all security breaches in 2013 occurred in the healthcare industry. What do those statistics say for your business? Along with knowing which industries have greater risks, you should also learn how often hackers target peer companies.
How well does your industry protect itself?
Your company may outperform all others in your industry when it comes to security performance, but if your industry as a whole isn’t prepared for cyber attacks, then your top ranking becomes meaningless. Your company might have an advantage compared to your competitors, but it doesn’t matter much to your customers if their data is likely to be stolen.
How are you measuring security performance?
In addition to benchmarking your company against your peers, it is important to ensure you are monitoring internal security performance. If your business looks better than your peers but still has major vulnerabilities, then your benchmark comparisons won’t carry much weight. Use metrics, such as the number of days to remediate network issues, to gain insight into your company’s security performance.
Your company needs to know whether its security is ahead of the competition or at risk of an imminent data breach. Find out more about incorporating BitSight Security Ratings into your risk management strategy today.