Our competitor has worse security, so we're doing well, aren't we?
Posted on 2021-02-23 by Matt Strahan in Business Security
In business you have a day-to-day competition that feels very “survival of the fittest”. Your competitors come up constantly in meetings. You note their movements and announcements and try to match their moves. Companies don’t exist in a bubble; they exist in a constantly moving industry and competitive landscape.
It’s no wonder, then, that when we talk about risks for a business after performing penetration testing or testing their compliance against ISO 27001 or NIST, we’re asked “how does this compare to the industry we’re in?” This is a valid question, don’t get me wrong, but I sometimes wonder: what difference does it make?