Your business is only as strong as its security program. Take this quiz to find out how aligned your security program is with the wider business strategy.
No. Security risk is completely separate.
Yes and no. They're both addressed, but business risk is the priority.
Yes. Security risk is fully integrated with business risk.
Only 18% of organizations score high in the alignment of their business objectives with their security program management. Optiv Security, 2018.
Never. Risk is only discussed within the security team.
Annually. We do an assessment and the C-Suite sees a report.
Regularly. We adjust our strategy and security program based on results.
67% of boards of directors are putting pressure on senior executives to increase management involvement in risk oversight.
It's minor. We don't worry about compliance too much.
It's the goal. We seek only compliance.
It's an outcome. Having a holistic security strategy ensures compliance.
The average cost for organizations that experience non-compliance incidents involving data is $14.82M.
No. It'd be pure panic mode.
I think so? We have controls in place for it, anyway.
Yes. We have a formal incident response plan, and practice it.
77% of organizations do not have a formal cybersecurity incident response plan in place.
Ponemon Institute sponsored by IBM Resilient, The Third Annual Study on the Cyber Resilient Organization, 2018.
Not really. Business leaders wouldn't understand what it is anyway.
Mostly. We all stay on top of emerging threats and attacks.
Yes. We make time to learn and educate them in a meaningful way.
Only 12% of organizations score a medium rating or higher for their ability to report solid security metrics.
Optiv Security, 2018.
Based on your responses
You’re not alone. Only 18% of organizations Optiv assessed scored high in the alignment of their business objectives with their security program management.
C-suite and board members speak about risk in terms of business impact, financial loss and reputation. To have a productive conversation with business leaders, security professionals have to translate IT speak into how security issues impact overall business objectives.
There appears to be alignment (great!), which puts you ahead of many organizations. In fact, only 18% of organizations Optiv assessed scored high in the alignment of their business objectives with their security program management.
It’s essential to work with business leaders to understand and articulate enterprise business objectives so that, together, you can build a security strategy and program that enables adaptive, risk-based decision-making.
Your program and business strategy are so in sync they finish each other’s sentences, a rarity in today’s digital world. In fact, only 18% of organizations Optiv assessed scored high in the alignment of their business objectives with their security program management.
Smart and sustainable security programs are the product of regular conversations, decisions and inputs that enable adaptive, risk-based decision-making. So keep the conversation with business leaders going!
Get the bigger picture. Contact Optiv for a full risk assessment and evaluation attuned to your business needs.