Making Metrics More Meaningful for the BoardAccenture's Ryan LaSalle on Adding Context to the Cybersecurity Discussion
According to a new report from Accenture Security titled "Elevating the Cybersecurity Discussion," only 38% of CEOs and CFOs are confident that over 75% of their organization is actively protected by their cybersecurity program.
Ryan LaSalle, senior managing director at Accenture Security, says that security is a top concern for many CEOs, "but they don't have the words or the metrics or the real performance indicators to understand if that worry is managed."
"Many companies use benchmarking as a sense of 'Are they spending enough?' and that's not a very good measure when the entire peer group is underspending or spending in the wrong places," he says.
In order to help executives feel more confident that security is investing in the right areas of the business, LaSalle says that when an enterprise is trying to expand into a new market or launch a new product, security leaders should help the C suite better understand the things they're doing to help ensure the success of that move.
"I think the metrics are more about the context and the storytelling than they are about the numbers and the trends," he says.
In a video interview with Information Security Media Group, LaSalle discusses:
- Why CEOs and CFOs are not as confident as CISOs when assessing their security performance or security coverage;
- Why cybersecurity accountability is often fragmented in organizations and how tabletop exercises can help resolve that;
- How CEOs and CFOs can increase their understanding of cybersecurity.
LaSalle leads the North America practice for Accenture Security. He is responsible for nurturing the teams that bring transformative solutions to better defend and protect clients and for keeping the company's commitment to provide clients with high-quality, innovative delivery to address their most critical issues.