Board-Level Cybersecurity Metrics

In brief: This tool outlines the metrics that boards can use to measure the effectiveness of the corporation’s cybersecurity program. With this understanding, boards will be well prepared to advise management teams on cybersecurity threats that may need to be addressed. This tool originally appeared in the publication, Cyber-Risk Oversight 2020: Key Principals and Practical Guidance for Corporate Boards

This resource can help your board to

  • consider key metrics to assess board-level cybersecurity issues,
  • provide management with oversight for cybersecurity plans using metrics, and
  • pose questions to management around strategic cybersecurity metrics.

Most relevant audiences: Risk committee chairs, risk committee members, and CISOs