Key Cybersecurity KPIs to Report to the Board

Key Cybersecurity KPIs to Report to the Board

As a CISO, you need to talk to your board members in their language.

Here are 2 hacks to do that: Speak in terms of financial cyber risk quantification.

Don’t tell them, “I deployed the Prolexic solution to mitigate DDoS attack on network.” That won’t make an impact on them.

Tell them, “I'm going to save potentially up to $5 million in an outage by spending $200,000 on a device to mitigate ransomware attacks.” Compare your organization with competitors.

Share with them what similar companies are doing.

If you're a big bank, you need to look at other big banks:

  • How many security staff versus the entire number of employees do they have?
  • What is their overall IT security budget?
  • What is the objective third-party rating that shows how they’re doing?

So, in order to bridge the communication gap with your board members, CISOs/CSOs need to:

  • talk about the financial impact
  • measure your organization against competitors

What would you add to this?


SecurityScorecard is the global leader in cybersecurity ratings and the only
service with over 12 million companies continuously rated. The company is
headquartered in New York and operates in 64 countries around the globe.

#cybersecurity #cyberrisk #cyberratings #linkedin