Setting Targets for Improvement
Every organisation's path to digital and cybersecurity maturity is unique, shaped by its industry, size, and strategic objectives. This page provides a structured approach to setting improvement targets based on your assessment results, ensuring your efforts are strategic, achievable, and aligned with your goals.
1. Focus on High-Impact Areas
Prioritise the themes and sub-themes that are most critical to your organisation's success:
Manufacturers: May prioritise supply chain security and operational resilience.
IT Providers: Likely to focus on data protection, application security, and seamless system integration.
Consultants and R&D Organisations: May emphasise compliance and innovation in cybersecurity practices.
2. Align Goals with Timeframes
Set improvement goals across short-, medium-, and long-term horizons:
Short-Term Goals: Address immediate gaps needed to meet compliance requirements.
Medium-Term Goals: Focus on enhancing capabilities and maturing processes.
Long-Term Goals: Target optimisation and continuous improvement for advanced maturity.
Example:
Short-Term: Implement basic access controls for sensitive data (3 months).
Medium-Term: Conduct regular cybersecurity audits and refine incident response plans (6–12 months).
Long-Term: Establish advanced monitoring and automated security protocols (18–24 months).
3. Track Progress with KPIs and Metrics
Use the Performance Type guidance from the assessment to monitor progress effectively:
Capabilities: Define specific actions needed for improvement (e.g., training, process implementation).
IGPs (Indicators of Good Practice): Evaluate alignment with qualitative best practices.
Metrics/KPIs: Quantify progress with measurable indicators (e.g., percentage of encrypted systems, frequency of training sessions).
Regular tracking ensures alignment with your improvement plan and highlights where adjustments are needed.
4. Set SMART Goals
Adopt the SMART framework to ensure your targets are actionable and effective:
Specific: Clearly define actions, such as implementing encryption for all sensitive data.
Measurable: Use KPIs like "percentage of employees trained in cybersecurity" to track progress.
Achievable: Ensure goals are realistic given current resources and capabilities.
Relevant: Align targets with business objectives and compliance needs.
Time-Bound: Set deadlines, such as "complete access control implementation within 6 months."
5. Plan for Continuous Improvement
Reaching a target score is just the beginning of the improvement journey. Embed a culture of continuous development:
Document Improvements: Record what has been implemented and its impact to inform future efforts.
Reassess Periodically: Revisit the assessment to track progress and adjust goals as needed.
Gather Feedback: Use stakeholder input to refine practices and ensure improvements remain effective.
6. Example Target-Setting for Data Security
Below is a structured approach to setting targets for Data Security in the Data Architecture area. Under each heading, the entries run in order from the current level, through 2 (Managed), to 3 (Optimised).
Description
Basic awareness and planning exist.
Practices are operational and regularly reviewed for compliance.
Fully embedded and continuously improved processes.
Key Actions
Actions needed to strengthen the current level and prepare for 2 (Managed):
- Finalise and formally adopt data security policies.
- Conduct initial staff training on policy awareness.
Actions to progress to 2 (Managed):
- Implement encryption for sensitive data.
- Set up role-based access controls.
- Conduct quarterly data audits.
Actions to achieve 3 (Optimised):
- Deploy automated monitoring tools for threat detection.
- Establish continuous incident response drills.
- Align practices with ISO or industry-specific standards.
Metrics/KPIs
Percentage of staff trained on data security policies.
Existence of formally adopted policies.
Percentage of sensitive data encrypted.
Frequency of data audits completed.
Mean time to detect/respond to incidents.
Number of threats mitigated.
Compliance audit results meeting/exceeding standards.
Timeline
Completion Target: 3 months
Completion Target: 6–12 months
Completion Target: 18–24 months
Your Roadmap to Improvement
By focusing on high-impact areas, tracking progress with KPIs, and setting SMART goals, organisations can steadily move up the Pathway Levels from Bronze to Silver and Gold. For additional guidance:
Explore the Best Practice Resources section for tools and templates to support your improvement journey.
Use the Digital Pathway Assessment Tool to monitor progress and track achievements over time.
This approach ensures organisations can systematically address gaps, achieve compliance, and ultimately become leaders in digital maturity and cybersecurity resilience.