Skip to content
Security Reversed Red


cyber controls

Security Reversed Red


cyber indicators

Security Reversed Red


risks managed

The ORX Cyber Controls and Indicators Benchmark is an invaluable resource that provides an aggregated view of cyber control and indicator environments. It allows participating financial organisations to gain deeper insights and understanding of industry practice. 

The ORX Cyber Controls and Indicators benchmarking provides personalised controls and indicators benchmark reports showing where your organisation is positioned compared to your peers across the industry. The first of its kind in the industry, the benchmark is available as part of the ORX Cyber service

How does it work?

Every year there are two data cycles and each participant financial institution shares their data through our secure Insight platform in order to receive their personalised benchmark. 

After rigorous quality assurance, we then publish your personalised benchmark report, outlining how your controls and indicators compare to those of your peers. An editorial reporting is published annually, providing further insights into the aggregated data sets. 

How does the benchmark help the enhance control and indicator practices? 

The ORX Cyber Controls and Indicators Benchmark supports the identification of weak, infective or missing controls and the effective allocation of IT budget. Controls are assessed against the 108 controls in Version 1.1 of the NIST framework, while indicators are assessed against our bespoke list of indicators, aligned to the functions of the NIST framework.

What's in the benchmark?

The benchmark provides insights on general industry practice, including control and indicator attributes including automation levels, control/indicator types, and associated risks. The benchmark is aligned to the industry NIST framework, participating firms complete the submission template by assessing their controls against the framework.

Controls information

  • Whether they are automated
  • Whether they are preventive, corrective, detective or directive
  • Whether they are operated internally or externally
  • What risks they manage

Indicators information

  • How frequently they are monitored
  • Whether they are leading or lagging
  • Where they are typically reported
  • Whether they are manually operated
  • What risks they manage

Gated content start

The ORX Cyber Controls and Indicators Benchmark is available to ORX Cyber subscribers and ORX members

If your firm is a subscriber or a member, log in or register to find out more and take part.

Log into the ORX website

Register for an account

Not an ORX Cyber subscriber? Find out more about the service and how it could benefit your firm.

ORX Cyber