Key Performance Indicators (KPIs)
Measuring “Cyber Success”
CYBER INSURANCE
MEASURES AND STANDARDS
What constitutes success for you, what are the KPIs for cybersecurity?
- Rental companies report that cost and cyber ROI over a period are not easily identifiable, and so are not commonly measured, because cybersecurity is embedded within all business processes.
- Most companies measure security costs, but these tend to be aimed at direct costs only.
How is success measured?
Maturity
- Organisation’s chosen maturity framework
- Self audit or external audit and risk assessment
Attack and loss avoidance
- Systems data on attempted and blocked attacks or data compromise events
Penetration testing…
- internal,
- external, or
- “Bounty – Pay-per-result” process.
A NUMBER OF CYBER KPI, KRI AND ROI CALCULATORS CAN BE USED, BUT NONE REPRESENT LEADING OR ACCEPTED STANDARD METHODS
Technical calculators for ROI and KRI include:
RETURN ON INVESTMENT (ROI) OF CYBERSECURITY
“To calculate a ROI, you must first determine the amount invested. This can vary based on many factors.
Managed Detection & Response (MDR) offerings are less expensive and more standardised than Managed Security Services (MSS) solutions. Both offer 24×7 protection from cyber threats using a set of tools and expertise.”
- Analysis of key performance indicators (KPIs), key risk indicators (KRIs), and security postures provides a snapshot of how your security team is functioning over time. This helps you better understand what is working and what is worsening, improving decision-making about future projects.
- Metrics provide quantitative information that you can use to show management and board members you take the protection and integrity of sensitive information and information technology assets seriously.
14 Cybersecurity Metrics + KPIs You Must Track in 2022 | UpGuard
Key measures also include:
- Lost business and customer impact
- Efficiency in identifying a breach
- Analysis by type of attack
38%
Lost business share of total breach costs
Lost business represented the largest share of breach costs, at an average total cost of $1.59M.
287
Average number of days to identify and contain a data breach
The longer it took to identify and contain, the more costly the breach.
20%
Share of breaches initially caused by compromised credentials
Compromised credentials was the most common initial attack vector, responsible for 20% of breaches.
IBM