What Is a Cybersecurity Posture?

The world of cybersecurity and cybercrime is rapidly evolving and a new vocabulary is developing to match. A relatively new addition to the cyber-lexicon is the concept of a ‘security posture’ or ‘cybersecurity posture.’ What does this refer to?

The cybersecurity posture of an organisation refers to its overall cybersecurity strength. This expresses the relative security of your IT estate, particularly as it relates to the internet and its vulnerability to outside threats.

Hardware and software, and the policies, procedures and controls used to manage them, are each part of cybersecurity and can be discussed individually. But to understand the likelihood of a breach, a more holistic approach must be taken and an understanding of the overall cybersecurity posture developed. This includes not only the state of the IT infrastructure, but also the state of practices, processes, and human behaviours. These are harder to measure but can be reliably inferred from observation.

In the context of managing cybersecurity for organizations, directors and officers must make decisions based on deliberation and a sound appreciation of your overall cybersecurity posture. Understanding individual aspects of your cybersecurity approach is not enough. A holistic approach that quantifies risk and considers the interaction of physical, virtual, and human factors can add great value.

Your cybersecurity posture, alongside the application of analytics, enables you to understand the likelihood of a future breach so that you can:

  • Take a holistic approach to controls to help determine breach likelihood, rather than reacting to transient factors that don’t accurately reflect risk.
  • Investigate and control where risk is introduced through suppliers or partners, particularly when they have access to your systems or data.
  • Determine your risk appetite and establish which risks you will accept, which you will mitigate, and where you can transfer risk to an insurer.
  • Benchmark your cybersecurity posture against others in your industry, and see whether you are likely to be the first choice for attackers.
  • Prioritize investments with a more informed point of view on both absolute and relative risks.

Want to understand more about your organization’s cybersecurity posture? Download our Executive Briefing, Understanding Your Cybersecurity Posture.

You can also review our Fact Sheet on Why You Should Understand the Cyber Risk of the Businesses in Your Network.


We wanted to understand more about how organizations are managing their cybersecurity posture and how prepared they are for a cyber-attack. We commissioned independent research company Ovum in 2017 to carry out a survey – discover what we found out in our white paper What the C Suite Needs to Know About Cyber-Readiness and 4 e-books that look at the results for different geographies.

2018 UPDATE: We commissioned Ovum to refresh the research in 2018 and expanded it from six to eleven countries, interviewing IT executives at over 500 companies.

For more information there are e-books available for each country surveyed:

FICO announced that it is offering free subscriptions to the Portrait portal of the FICO® Enterprise Risk Suite, which gives businesses access to their FICO® Enterprise Security Score. The score, a machine learning-based cybersecurity rating service, can show organizations how business partners and cyber insurance underwriters see their network security and can help them benchmark their performance. More information is at
