Organizational Cyber Maturities

The research for my first book Managing Cyber Risk ¹ outlines five levels of maturities based on almost twenty enterprise characteristics. The data was collated based on questionnaires with over 200 of the Fortune 1000 and the cyber insurance industry. The purpose of having a maturity mapping is to benchmark and set goals based on these characteristics. The five levels of maturity are related and act as a roadmap to identify where there are basic, intermediate, good, proactive, and pervasive cybersecurity practices in place and to set goals to increase cyber maturity. The best practices and processes are mapped across five maturity levels, summarized in the figure below.