Business Friction

A 0–100 metric measuring how much your security controls slow the business down. Heavy DLP, restrictive proxies, and aggressive blocking raise it. The board notices when friction-induced revenue losses outpace risk reduction.

Where this term fits in a CISO program

Business Friction is one of 35 cybersecurity strategy concepts CISO Game models live. Business Friction appears throughout the simulation — in the risk register, the investment catalog, and the mechanics reference — so a player encounters the concept in context rather than as an isolated definition.

See it in play

The fastest way to internalize Business Friction is to watch it move during a 5-year program. Start a free CISO Game run to see how this concept interacts with budget, hiring, and incident response across 20 quarters of strategic play.

Related glossary terms

• Best-of-Breed StrategyA program-shaping strategy that buys the leading point product in each category …
• Board ConfidenceA 0–100 metric tracking how the board of directors feels about your security pro…
• Composite PostureComposite Posture is a single 0–100 score that summarizes an organization's over…
• Continuous Control Monitoring (CCM)Tooling that automatically and continuously verifies security controls are in pl…

← Board Confidence · All terms · Composite Posture →

Play CISO Game free →