Assessing Business Outcomes of Cybersecurity

As part of our “Assess Outcomes (Not Features)” theme, we examine the specific outcomes that cybersecurity solutions should be driving for your small to mid-sized enterprise. This should help you to assess your existing cybersecurity solutions, determine the impact of potential solutions, and ultimately highlight the value and necessity of cybersecurity solutions to leadership within your organization.

Cybersecurity outcomes can be intangible. Not only is success dictated by the absence of a negative outcome (getting breached), but the cybersecurity knowledge gap may prevent leadership from understanding the progress you have made (even when aided by KPIs). In this post, we highlight the outcomes that your investment in cybersecurity should be driving, the value they bring to the SME, and how to demand that your cybersecurity provider clearly articulate how they deliver such outcomes.

If you want to learn more about the premise, check out our posts about the cybersecurity knowledge gap, SMB cybersecurity KPIs, and sound questions for leadership to understand cybersecurity.

The Road is Not the Destination

Some managers turn to roadmaps when faced with goals that are difficult to measure, especially when their department/program/solution is in an immature state. Plot the components of your desired state, identify the key milestones, tick them off as they’re completed, and more boxes ticked than last time shows progress… easy, right? Unfortunately, you can progress along the roadmap and still suffer consequences along the way. This is especially so for cybersecurity, given the interdependent nature of your IT infrastructure and the ways hackers seek to exploit it: if you’ve secured one area, hackers just move on to another point on the attack surface, and get at their objective through lateral movement once they’re in. So, if your roadmap includes securing various points on your network (with ‘point products’), each as separate

