I'm curious if spending time to boost our Microsoft 365 Secure Score is actually worthwhile. Will we gain any recognition or just be congratulated with a simple pat on the back for our efforts?
7 Answers
Every bit contributes to your overall security, and there are many best practices within the Secure Score recommendations. Even if it’s just a number, it can be useful for getting attention in management meetings—especially if you can position your organization above the average.
A lot of cyber insurance applications now require you to report your Secure Score, so having a higher score can be beneficial for that reason. It also serves as evidence for annual audits, which is pretty significant.
Interesting to know!
I often wonder what other ridiculous requirements cyber insurance companies will come up with—it's never dull!
You shouldn't aim for a perfect 100 score. It's more about balancing security needs with productivity. If you have other pressing concerns like outdated systems, prioritize those instead of chasing after a high number.
It’s definitely a good approach to tackle the action items, even if they're marked as completed with third-party help. Just remember, your score may fluctuate over time as items can be added or removed.
Improving your Secure Score does help strengthen your security posture, but rather than just focusing on that score, prioritize crucial actions like implementing phishing-resistant MFA and enforcing it for all accounts, especially admins. Those are the changes that can really make a difference.
Thanks for sharing your insight!
We've found it important. Despite some companies we acquire having low scores, ours is around 87, and we present that at our board meetings. It helps inform our budget decisions and is essential for our cyber insurance.
Honestly, outside of a few people, like your Microsoft sales rep, no one really cares about the score itself. It seems to be more of a marketing tool than anything else.
True that!