More than one-third of organisations (34.2%) hope to achieve their KPIs for compliance benchmarks by incentivizing success or by penalizing failure, or by implementing both incentives and penalties.

79% of CISOs say KPIs for their security teams have changed substantially over recent years.