Industry Experts Join Forces to Develop a Results-Driven Approach to Cybersecurity

ESI ThoughtLab launches a cutting-edge, global research initiative

December 11, 2019 (Philadelphia, PA) – ESI ThoughtLab and a coalition of leading industry professionals today announced the launch of Driving Cybersecurity Performance: Improving results through evidence-based analysis. This research initiative will provide executives with much-needed evidence-based analysis for understanding and benchmarking cybersecurity investments, practices, and performance results for their industries.  

With cyber risks rising as the digital revolution goes mainstream, companies need to shift from generic risk frameworks to results-based strategies that can successfully mitigate unfolding risks and provide optimal outcomes, said Lou Celi, CEO of ESI ThoughtLab and director of the study. 

To fill the cybersecurity knowledge gap, ESI ThoughtLab is conducting a rigorous benchmarking study of 1,000 CISOs in companies across the Americas, Europe, and Asia PacificThe study will cover firms of varying sizes, from $50 million to over $50 billion in revenue, and across 15 industries in differing stages of digital maturityThe research will gather, analyze, and compare rich array of cybersecurity data broken out by region, industryrevenue size, and digital maturity, including: 

  • Investments in people, process, and technology, as well as in key cybersecurity areas (prescribed by NIST), including identify, detect, protect, respond, and recover. 
  • Information on cybersecurity roles, responsibilities, internal and external resources, and organizational approaches. 
  • Over 25 key cybersecurity metrics, from mean time to identify, contain, and recover to number of times a year that phishing testsbackup restoration drills, and employee security awareness training are conducted. 
  • The full costs of cyberattacks, including direct costs (such as fines and legal fees) and indirect costs, associated with reputational, IP and productivity losses. 
  • Stages of cybersecurity maturity and their impact on cybersecurity investments and returns, including the ROI on cybersecurity organizational measures, and risk mitigation processes and technologies. 

To carry out this comprehensive research initiative, ESI ThoughtLab is working in collaboration with a global coalition of cybersecurity industry experts and research organizations. These organizations include Verizon, AIG, Fiserv, KnowBe4, Check Point, Optiv,, Cowbell Cyber, and more. 

For most companies, the stakes have never been higher,” said Mr. Celi A study we conducted of large companies earlier in the year showed that they lost $4.7 million last year on average, and for more than one in 10 companies surveyed that figure was over $10 million. This research will provide senior executives with an evidence-based playbook for minimizing these losses in the future.”   

Driving Cybersecurity Performance is a follow-up study to ESI ThoughtLab’s 2018 program, The Cybersecurity Imperative. Additional information on both programs can be found by visiting 

For further information, please contact: 

Lou Celi, Program Director
ESI ThoughtLab
    Mike Daly, Marketing Director
    ESI ThoughtLab

About ESI ThoughtLab: ESI ThoughtLab is the thought leadership arm of Econsult Solutions Inc., a leading economic consultancy. The innovative think tank offers fresh ideas and evidence-based analysis to help business and government leaders understand and respond to economic, industry and technological shifts around the world. Its team of top economists and thought leaders excel at creating valuable decision support that combines visionary thinking, analytical excellence, and multi-format content.   

About AIG: AIG is a global leader in the technology insurance sector, providing comprehensive and customizable solutions that address the unique coverage and risk management needs of individuals and organizations that create, distribute, or work with technology. Our cyber insurance coverage provides an end-to-end risk management solution that helps you stay ahead of the curve of cybersecurity risk. AIG coverage helps prevent and safeguard against sensitive data breaches, computer hacking, employee error, and more. 

About Arceo’s mission is to secure enterprises from cyber threats by blending cybersecurity expertise, credible risk assessments, and risk transfer. Our end-to-end cyber risk analytics and insurance platform enables insurers and brokers to better assess, underwrite, and manage cyber risks using AI for advanced and dynamic risk assessment. Arceo is privately funded and headquartered in San Francisco, California with offices in Chicago, Baltimore, and New York. For more information, visit  

About Check Point: Check Point Software Technologies Ltd. Is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from cyberattacks with an industry leading catch rate of malware, ransomware and other types of attacks. Check Point offers a multilevel security architecture that defends enterprises’ cloud, network and mobile device held information, plus the most comprehensive and intuitive one point of control security management system.  

About Cowbell Cyber: Cowbell Cyber maps insurable threats and risk exposures using artificial intelligence to determine the probability of threats and impact on coverage types. In its unique approach to risk selection and pricing, Cowbell compiles Cowbell Factor™, a set of risk-rating factors, that enable continuous underwriting and expedite quoting and binding for brokers. As a result, small and mid-size enterprises (SMEs) can subscribe to Cowbell Prime™ 100, Cowbell’s standalone cyber coverage available via brokers in the first quarter of 2020.  

About Fiserv: Fiserv, Inc. aspires to move money and information in a way that moves the world. As a global leader in payments and financial technology, the company helps clients achieve best-in-class results through a commitment to innovation and excellence in areas including account processing and digital banking solutions; card issuer processing and network services; payments; e-commerce; merchant acquiring and processing; and the Clover® cloud-based point-of-sale solution.  

About KnowBe4: KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy security leaders and IT pros that have 16 other fires to put out. ur goal was to design the most powerful, cost effective and easy-to-use platform available. 

About Optiv: Optiv is a security solutions integrator – a global, “one-stop” trusted partner with a singular focus on cybersecurity. Our end-to-end cybersecurity capabilities span risk management and transformation, threat management, cyber operations, identity and data management, and integration and innovation, helping organizations realize stronger, simpler and more cost-efficient cybersecurity programs that support business requirements and outcomes. At Optiv, we are modernizing cybersecurity to enable clients to innovate their consumption models, integrate infrastructure and technology to maximize value, achieve measurable outcomes, and realize complete solutions and business alignment. For more information about Optiv, please visit us at  

About Verizon: Verizon Communications Inc. is headquartered in New York City. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network and delivers integrated solutions to businesses worldwide. With brands like Yahoo, TechCrunch and HuffPost, the company’s media group helps consumers stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. Verizon’s corporate responsibility prioritizes the environmental, social and governance issues most relevant to its business and impact society.