2019 Information Security Benchmarking Study

*Please note that the survey is anonymous

How does your organization’s information security preparedness compare to your peers? To help you to benchmark your efforts, Argyle Executive Forum would like to invite you to take part in this short survey on the challenges that you and your peers are facing. Your responses will be anonymously compiled in our 2019 Information Security Benchmarking Report and used to inform the discussions at our upcoming CIO and CISO forums.

1. Which of the following questions have your organization's board members or senior business executives asked you about in the last 12 months? (Check all that apply.)

- How do we know if we have been hacked or breached?
- How confident are you that we will be out of the news?
- How are we managing risk?
- Do we have enough cyber insurance coverage?
- Is our security program aligned with our business revenue streams?
- Where do management and our IT team disagree about cybersecurity?

2. Given 24 hours to answer, how satisfactory would your answer be for each of these questions?

Response options: Extremely Unsatisfactory, Somewhat Unsatisfactory, Neutral, Somewhat Satisfactory, Extremely Satisfactory, Don't Know

- How do we know if we have been hacked or breached?
- How confident are you that we will be out of the news?
- How are we managing risk?
- Do we have enough cyber insurance coverage?
- Is our security program aligned with our business revenue streams?
- Where do management and our IT team disagree about cybersecurity?

3. Which team or department is primarily responsible for the following areas?

Response options: Individual Business Units, General IT, Information Security, Risk Management or Legal, Senior Business Executives or Board, No One

- Application security
- Cloud security
- Compliance
- Endpoint security
- End user identity/provisioning
- Mobile device security
- Risk measurement/reporting
- Supplier/supply chain security
- Other (please specify)

4. Where is Information Security within your enterprise’s organization/reporting structure?

- Reports directly to CEO or board of directors
- Reports to CIO
- Reports to a division/department head that reports to CIO
- Reports to Risk Management or Legal
- Information Security is not a separate department
- Other (please specify)