One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function.
Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet many executives and board members have complained that those measures failed to give them adequate insight into how well the security department is performing, how it’s improving, and where it’s falling short.
“Too much technical jargon is being presented to the chief executive and the board. CISOs are still telling the board about critical vulnerabilities and the number of patches, but the board doesn’t understand that because there’s not any proper context provided,” says Jarrett Kolthoff, president and CEO of security firm SpearTip.