In this session, security metrics such as vulnerability stats, firewall blocks, SIEM alerts, etc. will be discussed as typical barriers to getting C-Level and Board of Director attention and why this happens.  We will define ways to link these disparate metrics to business impact in C-Level and Board of Director language.  This language is about revenue, more specifically what the potential monetary loss could be based on identified security metrics and their associated trends. We will conclude by discussing which metrics are most applicable for crafting the message to C-Level and board members, how to identify potential loss exposure mapped to the metrics, and the available tools to help in the translation.

Security metrics are critical data points in measuring an organization’s current state of security. Yet security professionals often lack the ability to effectively communicate them—and their business impact —to C-level and board members in a language they understand. Without honing this ability, security programs can suffer from a lack of funding and executive support, which can affect overall cyber resiliency. In this session, we will discuss how security professionals can identify the most applicable metrics and trends that equate to business impact. We will share ways to convey the critical nature of these trends’ effect on potential revenue loss. We will also review available tools that can help.