Gartner®, How to Make Your Cybersecurity Program More Defensible to Stakeholders
CybSafe is proud to bring you cutting-edge research in cybersecurity.
We’re highlighting a valuable report, Gartner®, How to Make Your Cybersecurity Program More Defensible to Stakeholders.
Report overview
This resource is ideal for CISOs, security leaders, and anyone who needs to demonstrate a security program’s impact and value to stakeholders with variable security expertise.
Gartner rightly points out, “Compliance is easy to measure and therefore easy to show a return on investment. With cybersecurity, it is difficult to make the case for investment beyond compliance because the ROI shifts to the less measurable avoidance of a problem.”
“Articulating delivered protection levels is more useful to guide cybersecurity investment than articulating the tools, technology and capabilities,” they add. To guide this process, Gartner® has developed the CARE framework.
Each element of the framework “can be expressed through a set of outcome-driven metrics that measure the delivered protection levels from cybersecurity control investments.”
By following the CARE framework’s clear structure, “CIOs can use this framework to guide cybersecurity priorities and investments that are more defensible to customers, shareholders, regulators and partners.”
Gartner®, How to Make Your Cybersecurity Program More Defensible to Stakeholders, by Paul Proctor, 24 February 2024.
Report Key Findings
“CIOs, executives and boards of directors struggle to know the correct amount of cybersecurity for their organization.”
“The U.S. Federal Trade Commission (FTC) has started to hold CEOs personally accountable for their organizations’ cybersecurity investments.”
“Meanwhile in Europe, GDPR fines are confirmed to be related to the lack of consistent, adequate, reasonable and effective controls.“
“The CARE framework guides organizations to create cybersecurity investments that are consistent, adequate, reasonable and effective.”
“Each element of the CARE framework can be expressed through a set of outcome-driven metrics that measure the delivered protection levels from cybersecurity control investments.”
Source: Gartner®, How to Make Your Cybersecurity Program More Defensible to Stakeholders, by Paul Proctor, 24 February 2024.
Disclaimer: GARTNER® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.