Industry Benchmarks: You Can Get With This, Or You Can Get With That

In my previous role as a CISO, I probably received two questions far more than any others. The first, “Are we secure?” was a terrible and loaded question that required you to know your audience well before answering. As security professionals, we know “secure” isn’t binary and as such isn’t a yes or no question. We at Kenna have worked very hard to change that conversation from a simple binary “yes” or “no” to a discussion of risk.

The second question I would always get was “how do we compare to our peers?”. In this case, our peers were other online travel agencies. To be honest, this question at the time was tougher to answer. While my teammates in the Fraud group readily shared information with peers and competitors to prevent fraud across the industry, security was still a secretive industry where information sharing was considered a weakness. Fortunately we have started to come to our senses and we are starting to see more information sharing, both formal and informal, within security and we at Kenna Security have been working on helping you answer this very question.

With our recent launch of Peer Benchmarking, Kenna Security allows you to compare your security risk over time against similar organizations within your industry. This allows organizations to understand where their overall risk stands at any given point in time versus their peers…

…and because many companies actually compete in multiple verticals, you can even compare and contrast yourself against additional industries quickly and easily.

But this is only the beginning. As Kenna Security customers know, we measure a number of metrics around vulnerability and application risk, as well as remediation rates and statistics. Many of these are ripe for benchmarking and we will continue to roll out new benchmarking breakdowns. Our plan is to not only continue to give you more visibility but, like my friends in anti-fraud did years ago, also uplevel security risk management across our customers by having them continue to raise the bar.

With this new capability, Kenna is happy to have addressed these two nagging questions. The first by moving the discussion from the binary “Are we secure?” to one of risk, and the other by delivering real-time capabilities for our customers to compare and contrast against their peers. If you’re a customer, we’d love to hear your feedback, and if you’re not… why not sign up and give it a spin?