“Having a good cybersecurity program and strategy that is linked to the organization’s goals and objectives assists in building out your metrics program. It lays the foundation for reporting to your C-Suite in terms they are most familiar with … business terms.”

“Add context so your audience understands what the data represents. If metrics need to be explained every time you present them or your audience inherently has the question “so what?’ in their heads, they haven’t been properly structured or contextualized.” 

“Executives don’t intuitively see the connection between technical security data points and the business outcomes that leadership is responsible for achieving. Providing them with multiple technical data points isn’t effective at driving decision making.”

“Identify and communicate business relevant metrics that will enable you to demonstrate the value of the activities and show improvements over time.”

“Metrics must be measurable in a cost-effective manner. The higher the effort or cost it requires to identify, track and report these metrics, the less likely they are to become a part of the governance and decision-making framework in the organization.”

“Make sure your metrics drive action. Define a clear way forward and next steps or recommendations for your audience. A report that doesn’t help make these decisions isn’t useful.”

“Change the narrative by ensuring metrics clearly connect to business outcomes, tailoring a story to your specific audience and engaging your audience in actively managing its information risk.”

“With an average budget of $2.2 million, the privacy office is unlikely to be able to afford a lot on its own, so privacy leaders must be selective and get other business units on board.”

“Identify the key people who help drive your privacy program forward, then figure out key priorities for these stakeholders over the next two to three years and see if you can find one or more capabilities that align with those initiatives.”

“Like a timer or some type of fitness tracker, privacy controls are data centric tools that draw insights and enable control at the data level, such as automated data discovery and mapping tools.”

“Sometimes called privacy platforms, privacy management tools and are intended to be the central repository for your compliance related documentation. These tools can help conduct risk assessments, document records of processing activities or build reports about the privacy program.”

“Establishing trust in your user's identity is often a critical aspect of doing business.”

“Identity fraud and synthetic identity fraud continue to plague clients across industries.”

“Identity proofing and/or affirmation techniques are used in a broad range of use cases today.”

“Use an orchestration platform to manage the convergence of identity, fraud and authentication capabilities across the UX.”

“Integrate identity proofing into broader security programs such as threat intelligence and insider risk detection.”