Message : Required fields According to Gartner, 78% of organizations use 16 or more security tools and more than $150B is spent on information security every year. Further the Gartner hype cycles for cloud, network, application, and endpoint security cover more than 60 products. Despite all of these security solutions and spending, it remains difficult to definitively answer a key question: 'How secure is our organization?' Let alone, 'Are we protected from [the latest] cyber attack?' Here are some ways to start answering those questions. Security Scoring Whether internally developed or established by industry available tools, key performance indicators (KPIs) can be used to assess your cybersecurity posture across all security configurations and controls. KPIs are one way to answer the question of how secure an organization may be either as an absolute, based on its historical levels, or as compared to organizations of similar size, geographies, or business. Using KPIs can provide a relative assessment that can be considered reasonable. But simply being better than the average does not necessarily mean that your security is adequate for your level of risk.