TechDemocracy aims to provide a holistic assessment of cyber risk  

This column is available in a weekly newsletter called IT Best Practices.

Gartner estimates that global spending on cybersecurity solutions exceeded $81 billion in 2016. The average enterprise with 1,000 or more employees spends about $15 million fighting cybercrime each year, according to the Ponemon Institute. Despite such heavy investments in all types of solutions, many CISOs still find it challenging to answer the questions, “How likely are we to have a breach, and if we do incur a breach, what will be the financial impact?”

The main obstacle to answering those fundamental questions is that much of the information needed to reveal an organization’s state of cyber risk is trapped in product silos, and it’s seldom fully mapped to the organization’s compliance policies.

Technical information about security events can be brought together in a SIEM tool, yielding threat information but not necessarily the organization’s overall security and risk posture. When the CISO gets called in front of the Board of Directors, these leaders want to know how effective the overall cybersecurity program is, not how many threats have been discovered in the company’s computing environment.
