Recent research indicates that organizations with 10,000 or more employees typically maintain almost 100 security tools. And yet, well-established global companies continue to be victimized by cyber attacks. For example, payments-processor NCR recently experienced a ransomware attack that caused downstream outages across numerous restaurant back-office and point-of-sale systems. With the prospect of a 2023 recession, reporting suggests that chief information security officers (CISOs) will increasingly see budgets constrained. So how can companies focus their limited cybersecurity investments on the controls that matter most?
Given that cyber risk operates within the context of a highly dynamic threat, business, and technology environment, it’s important to set some context for how we will measure cybersecurity performance. As Michael Chertoff recently noted, good cybersecurity programs operate with a high degree of transparency, accuracy, and precision.
The…
This article was written by Adam Isles and originally published on hbr.org