Cybersecurity benchmarking is an excellent way to make improvements in cybersecurity practices. Benchmarking is an activity that compares a business’s internal operations to those of another company that performs those activities best. The comparison company does not have to be in the same industry as the one making the comparison, because the same activities can occur in different industries. It is hard for managers to obtain information on other companies’ activities, because a company that does something well will do everything it can to guard that knowledge so that it does not fall into the hands of competitors.
Most often, benchmarking information is gathered from consultants, trade journals, reports, or alliances. There are also organizations that gather benchmarking information. This information is given to member companies of these organizations without disclosing the source of the benchmark.
Identify the cybersecurity metrics that are important to your company and then benchmark those against others in the industry to see how you are doing. Benchmark processes against established best practices in the industry. Consider ITIL or COBIT for some excellent best practices.