Security, insurance providers want to help you evaluate your cyber risk

Credit: ID 93580382 © Adam121 |

A host of security vendors are targeting governance-minded companies with tools for formalising the evaluation and management of cybsersecurity risk across an organisation.

Secureworks, for one, has wrapped its Secureworks Security Maturity Model (SSMM) methodology into a self-assessment tool that helps organisations benchmark the maturity of their cybersecurity processes.

The methodology – which draws on methodologies including NIST and ISO 27001/02 frameworks – scores companies’ capabilities across five cybersecurity domains, comparing their capabilities to the key insights gleaned from examination of outcomes achieved by 4500 of the company’s clients in areas such as risk management, cybersecurity operations, governance, and processes.

“Business executives tell us they’re looking for ways to determine whether their cybersecurity capabilities and investment are in line with their business risk profile,” consulting practice leader Hadi Hosn said in a statement.

“Our recent study suggests that misalignment between security activities and actual risk is common enough to warrant a more pragmatic model that can help organisations both identify those gaps and adjust their security maturity goals accordingly.”