InSights Blog

Key risk indicators (KRIs) can help monitor and control cyber risk. But what KRIs should you focus on?

Executive performance and cyber risk management are now inextricably linked. Learn how CISOs can help executives be more accountable for cyber risk.

What is a board cybersecurity committee? Learn why it’s more critical than ever and how your organization can establish one.

Give your security teams critical digital risk monitoring tools to discover, prioritize, and remediate risk across the expanding attack surface.

A vulnerability scanner evaluates security weaknesses and gaps in your digital infrastructure. Learn what to look for in a robust solution.

Investors are worried about cybersecurity—and for good reason. Yet despite growing concerns and the criticality of the issue, the dialogue between companies and investors need significant improvement. Here's why.

Over 70% of executives are bullish about their organization’s ransomware resilience. Here’s how security leaders can temper that overconfidence.

The red lights are flashing everywhere. News stories are warning about a sharp rise in ransomware attacks, a 2000X fold increase in cybersecurity breaches, and more cyber-related doomsday scenarios. Meanwhile, the Biden Administration released a much-anticipated cybersecurity plan earlier this year, calling for more investments in cybersecurity.

Cybersecurity incidents are on the rise, and the monetary setbacks for victims are considerable. The average cost of a data breach in the U.S. has soared to nearly $8.6 million, and these costs are expected to grow by 15% over the next five years.

Boards are increasingly looking at cybersecurity as a crucial part of the business. The problem is, the board doesn’t always know what to look for or how cybersecurity impacts the business. What the board really wants to hear in the next report is how you’re generating results for the organization and how those results are creating ROI on the spend. Here are a few cybersecurity questions and a few metrics that the board really wants to hear about in the next report.

One of the more challenging aspects of third party risk management is effectively communicating risk. Often the risks posed by vendors are highly technical, and it can be tempting to simply put together a slide or list to review with business owners, executives or board members. But this can often create an obstacle to buy in, as few people have the expertise to understand what these risks mean. 

No one should be surprised to learn that IT and cybersecurity jobs can be extremely stressful. Now, a convergence of trends has, in many cases, brought this stress to a breaking point.

Since the creation of the first CISO role about 25 years ago, the job has changed dramatically. What was once an uncommon position has quickly become standard, with the majority of companies including a cybersecurity-specific role in their C-suites. 

A monthly or quarterly report is a great way to summarize a SOC’s performance and uncover insights for executive leadership. But as a security and risk manager or executive, what information should you request from the managers who report to you?

Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.