Security Metrics Are Undervalued, Misunderstood

By Don Reisinger  |  Posted 08-08-2013

Metrics Are Vital to Staying Secure

A high percentage of IT professionals (75%) say metrics are either “important” or “very important” when evaluating a risk-based security program.

Out of Alignment

Despite the value of security metrics, 53% of IT pros say the metrics are not aligned with their company’s business objectives.

Senior Executives Don’t Get It

A major reason that security metrics don’t line up with business strategy is that senior executives don’t understand the metrics, according to 51% of IT professionals.

Too Technical Is A Bad Thing

Why don’t senior executives understand security metrics? According to 59% of IT pros, the information is simply too technical for them.

Not Viewed As Important Enough

Another problem that 48% of IT professionals are encountering is that the business side doesn’t believe security is nearly as important as other “pressing issues.”

Communication Is Lacking

Another revelation that might concern IT pros: 40% of them say the only time they talk about security with senior executives is when a security incident has occurred.

Is Laziness A Factor?

Surprisingly, 35% of IT professionals say they would deliver security metrics to business executives, but doing so takes too much time and resources.

Uh, Who Cares?

Another 18% of IT pros say they can’t convey security metrics because, well, the business side doesn’t care about the information.

Not Important, Really?

Lastly, 5% of IT professionals don’t regard security metrics as important.
