Trust in Data and Metrics Processes Cause Security Headaches for Financial Services

Security leaders are being challenged to create business metrics, but without having total trust in the data they work with.

According to research by Panaseer of over 400 security leaders in financial services organizations, 96% of companies use metrics to measure their cyber-posture, but 36% said their biggest challenge in creating metrics to measure and report on risk is trust in the data.

Other issues included the resources required to produce metrics (21%), the frequency of requests (14%) and confusion over knowing what metric to use (15%). Fewer than half of respondents (47%) could claim to be very confident that they are using the right security metrics to measure cyber-risk.

Nik Whitfield, CEO, Panaseer, said not knowing the accuracy, timeliness or even limitations of a security metric can render it useless – which is simply unacceptable against a backdrop of tightening regulation and an increasing attack surface.

“We must move on from the era of out-of-date inaccurate metrics to one where they are automated and measured on a continuous basis,” he said. “Financial service organizations, in particular, need trusted and timely metrics into an organization’s technology risk, segmented where possible to critical operations. With this information, the board can then have a better understanding of what risks are and aren't acceptable to keep customer data safe.”

The research determined the primary use for security metrics to be risk management (41%), demonstrating the success of security initiatives (28%), supporting security investment business cases (19%) and board and executive reporting (10%).

The research also found that teams are wasting an inordinate a ..

Support the originator by clicking the read the rest link below.