Cybersecurity Benchmarks

TrustMAPP not only pioneered the category of cybersecurity performance management, but we are also the industry leader. With over a decade of data at our disposal, customers of TrustMAPP can lean on our standardized industry benchmark for cybersecurity and, with this knowledge, provide insights to executive teams, cybersecurity committees, and Board of Directors briefings.

What is the MAPP Score?

The approach that TrustMAPP uses is based on the proprietary MAPP framework built for assessing and managing the maturity of information security programs.

MAPP is an acronym that stands for Maturity Assessment, Profile, and Plan, and it comprises three (3) key parts:

  • Maturity Assessment – Measure the cybersecurity maturity of the organization by assessing against one or more security industry frameworks (such as ISO 27001, NIST 800-53, or NIST Cybersecurity Framework) and/or regulations (such as HIPAA). Assessment responses are then automatically scored to derive a cybersecurity maturity score for the organization.
  • Profile – Review findings and recommendations for improvement. Report on and communicate assessment results. Obtain stakeholder buy-in to develop plans and projects to improve maturity gaps discovered in the assessment phase.
  • Plan – Develop roadmaps, plans, and projects based on TrustMAPP’s built-in resource and budget estimates to address identified maturity gaps and build a stronger, more mature information security program.

With TrustMAPP, customers report on compliance and maturity while identifying risk in a single assessment. The MAPP methodology has become the source of strategic value for security teams across North America.

Who Uses MAPP Scores and Industry-Specific Peer Benchmarks

Security And Risk Teams

use MAPP Scores to understand exposure and hidden risk across business units

Third Party Risk Teams

use MAPP Scores to assess and manage risk across their vendor portfolio

Board of Directors

use MAPP Scores and Benchmarks to understand the performance of cybersecurity programs

Regulatory Bodies

use MAPP Scores as they evaluate performance against compliance and policy requirements


use them to prioritize investments and evaluate risk in their portfolio

GRC Teams

leverage MAPP Scores to monitor the health of their policy and control landscape


use them to underwrite policies and assess risk across the portfolio


use MAPP Scores and reporting data to quickly understand the security posture of entities housing sensitive information