The Benchmarking feature allows you to compare your organization's average total risk score over time against others in your industry or other industries. It uses your organization's NAICS (North American Industry Classification System) code to place you in an industry.
NAICS codes are 6-digits by default, with each set of digits or individual digit meaning something.
- The first two digits identify the Sector, or broad area in which an Organization operates.
- The third digit identifies the Subsector
- The fourth digit identifies the Industry Group
- The fifth digit identifies the Industry
- The final digit identifies the National Industry
If Cisco Vulnerability Management has a minimally viable number of customers in a particular category, we will create that category to benchmark against. We do not share our standards for minimum viability publicly. If Cisco Vulnerability Management does not have a minimum viable number of customers in a specific category we will benchmark you against the next highest grouping that does. The default benchmark will be displayed on your Home Page as "My Industry" and the name of that industry. In the example below, you will see "Commercial Banking (My Industry)". You can also compare your organization against six other sectors utilizing the dropdown menu on the right hand side. The sectors are "Finance and Insurance", "Health Care and Social Assistance", "Information", "Manufacturing", "Professional, Scientific, and Technical Services", and "Retail Trade".
Important: This feature is meant to compare your organization's risk appetite against others rather than how your organization is doing compared to others. Other organizations' total scores depend on many factors such as total asset count, percentage of total environment being scanned, use of prioritization, and how many vulnerabilities have been risk accepted. This is meant to be an additional data point to be used for the purpose of contextualizing your organization's vulnerability management and risk appetite.