target audience: TECH BUYER  Publication date: Jul 2023 - Document type: IDC Perspective - Doc  Document number: # US51014923

IDC's Cybersecurity Capabilities Assessment Framework 1.0


  • Christopher Tozzi Loading
  • Frank Dickson Loading
  • Daniel Saroff Loading
  • Marc Strohlein


Get More

When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.

Related Links


This IDC Perspective discusses IDC's Cybersecurity Capabilities Assessment Framework 1.0 and assesses cybersecurity readiness across seven domains. The increased complexity of modern IT estates, combined with the expansion of practices like remote work and the innovation of novel attack techniques by threat actors, makes it more difficult than ever for businesses to manage cybersecurity threats and risks. To meet the challenge, organizations must implement cybersecurity best practices across seven key domains, including:

  • Network security
  • Endpoint security
  • Identity and digital trust
  • Data security
  • Application security
  • Response, recovery, and resilience
  • Governance, risk, and compliance

IDC's Cybersecurity Capabilities Assessment Framework 1.0 identifies the essential practices and strategies that businesses should implement within each of these domains to minimize their risk of experiencing a breach, as well as to mitigate the impact of successful attacks in the event that they do take place. In addition to discussing technical solutions, the framework highlights the business practices — such as stakeholder education and CISO communication with other executives and the corporate board — that form the foundation of a rigorous cybersecurity strategy.

"On the cybersecurity front, settling for technical solutions and best practices isn't enough," says Chris Tozzi, adjunct research advisor with IDC's IT Executive Programs (IEP). "The most resilient enterprises build security into their organizational structure and make it a business priority, not merely a technological endeavor."


Do you have questions about this document
or available subscriptions?