Best-performing organizations, with more mature cyber risk management
capabilities, share several common characteristics. They commonly:
■ Recognize the importance of cybersecurity and address it as a board
issue and value enhancer.
■ Ensure that executive management is engaged in leading cyber efforts
and support cybersecurity as a business issue.
■ Manage cyber risks within an enterprise risk management approach
providing the necessary human and capital support for programs and
■ Follow established cybersecurity standards or frameworks in building,
managing, and monitoring the enterprise cyber program.
■ Continuously evaluate cybersecurity performance against business
goals and objectives.
■ Track and report cybersecurity performance against the international
standards and frameworks used to design and implement their program.
■ Fine-tune cybersecurity priorities and activities as enterprise needs and
What sets best-performing organizations apart from the crowd is that they address cybersecurity as an essential part of how products and services are designed and delivered.