Understanding the technical details of security systems

Demonstrating and understanding the return on security investments

Keeping up with the latest technology trends

Hiring qualified cybersecurity personnel

To simplify the reporting process

To comply with legal requirements

To make the metrics more relatable and actionable

To ensure the audience is entertained

Hiring a consultant

Conducting a company-wide survey

Choosing the right framework

Implementing new technology

They are required by most frameworks

They are more accurate than quantifiable metrics

They help plan for future scenarios where data is unavailable

They are easier to collect than data

It may not cover all necessary security aspects

It requires too much training

It is difficult to implement

It is too expensive

A percentage of the company's profit

A fixed amount per employee

A percentage of the overall IT budget

A fixed percentage of the company's revenue

The company's marketing strategy

The latest technology trends

The company's risk appetite and crown jewels

The number of employees