"

Organizations that apply just the first five CIS Controls can reduce their risk of cyber attack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.

- The Center for Internet Security