Metrics Must Show Security Expenditures Provide The Right Level Of Protection
- In considering which metrics best tell the bank’s security story at an executive level, maturity statistics are among the most important.
- For each business line, we evaluate the highest risks, our exposure to them, and their potential business impact.
“Banks take risks all the time. Our biggest challenge is defining where the risk is and how much risk we can tolerate.”
Measuring the effectiveness of a security strategy is challenging for a large banking organization like Société Générale, which has multiple business lines and operates in 120 countries. It is important to make wise investment decisions in security, especially because no business has an unlimited security budget and it is never possible to eliminate risk completely. “Banks take risks all the time,” says Cedric Thevenet, chief information security officer of Société Générale. “Our biggest challenge is defining where the risk is and how much risk we can tolerate.”