Here are three tips on how healthcare organizations can build out an effective reporting strategy that will lead to improved cybersecurity.
It’s sad, but true: Less than 15 percent of enterprise organizations report key performance indicators for security. Healthcare organizations are no different. While many track clinical, financial and operational data, few track and report cybersecurity metrics. This greatly increases the risk, because attacks against healthcare organizations are increasing dramatically.
Without keeping a finger on the pulse of risk and security, health systems can’t measure progress, nor can they engage senior management in efficient, long-term decision-making. Here’s how a healthcare organization can build out an effective reporting strategy that will lead to improved security.
1. Be Deliberate in Tracking Cybersecurity Metrics
Focus on relevance rather than quantity. Many organizations track a lot of data because they’ve always done so, without any clear indication of how that data can enhance security. Triage your metrics, focusing on those key performance indicators that show the organization’s progress toward achieving key objectives or goals. Use the SMART framework: Make KPIs specific, measurable, attainable, relevant and time-bound.
2. Communicate Visually with Senior Management
When reporting KPIs to senior management, use data visualization with at-a-glance indicators of overall stance and numbers that clearly quantify the status. Tell a story that makes sense even to nontechnical leaders. Metrics should provide high-level insights so executives can track progress toward the big picture, and then use the data to drive calls to action and approve necessary funding.
3. Drive to Improve Cybersecurity with Metrics
Management consulting pioneer Peter Drucker said, “What gets measured gets managed.” Make sure the KPIs you track and communicate impact processes that lead directly to improved security. Periodic, regular measurements will show trends and indicate where corrective action is needed. If possible, compare your scores with industry peers, which can spur your team on and build camaraderie.