Many (most?) companies are investing in cyber security.
Dynamic internal and external landscapes (including threats) require a level of investment to 'stand still' and prevent degradation (i.e. increased risks). Improving capability to defend against the threats requires even more.
Justification for investment is self-evident to security professionals sponsoring it but often less so to Executive Boards. How do you explain 'what they will get for the money' - benefits, not widgets? In short, how do you demonstrate return on investment?
Beyond the well-crafted words about better protection and risk reduction, how do you quantifiably measure the predicted and actual benefits in a way that can be consumed and understood by those key decision makers?
This presentation will:
Phillip Gregory, Director, Cyber Resilience Programme, RSA Group