Key Performance Indicators (KPIs)

Measuring “Cyber Success”


CYBER INSURANCE

MEASURES AND STANDARDS

What constitutes success for you, what are the KPIs for cybersecurity?

  • Rental companies report that cybersecurity cost and ROI over a period are not easily identifiable, and so are not commonly measured, because cybersecurity is embedded in all business processes.
  • Most companies measure security costs, but these tend to be aimed at direct costs only.

TYPICAL KPIS AND MEASURES OF COST DEAL WITH DIRECT COSTS AND INCLUDE:

How is success measured?

Maturity

  • Organisation’s chosen maturity framework
  • Self audit or external audit and risk assessment

How is success measured?

Attack and loss avoidance

  • Systems data on attempted and blocked attacks or data compromise events

Penetration testing…

  • internal,
  • external, or
  • “Bounty – Pay-per-result” process.

A NUMBER OF CYBER KPI, KRI AND ROI CALCULATORS CAN BE USED, BUT NONE REPRESENT LEADING OR ACCEPTED STANDARD METHODS

Technical calculators for ROI and KRI include:

RETURN ON INVESTMENT (ROI) OF CYBERSECURITY

“To calculate a ROI, you must first determine the amount invested. This can vary based on many factors.

Managed Detection & Response (MDR) offerings are less expensive and more standardised than Managed Security Services (MSS) solutions. Both offer 24×7 protection from cyber threats using a set of tools and expertise.”

ROI of Your Cybersecurity Investment – Cipher

RETURN ON INVESTMENT (ROI) OF CYBERSECURITY

  1. Analysis of key performance indicators (KPIs), key risk indicators (KRIs), and security postures provides a snapshot of how your security team is functioning over time, helping you better understand what is working and what is worsening, and improving decision-making about future projects.
  2. Metrics provide quantitative information that you can use to show management and board members you take the protection and integrity of sensitive information and information technology assets seriously.

14 Cybersecurity Metrics + KPIs You Must Track in 2022 | UpGuard

Key measures also include:

  • Lost business and customer impact
  • Efficiency in identifying a breach
  • Analysis by type of attack

38%

Lost business share of total breach costs

Lost business represented the largest share of breach costs, at an average total cost of $1.59M.

287

Average number of days to identify and contain a data breach

The longer it took to identify and contain, the more costly the breach.

20%

Share of breaches initially caused by compromised credentials

Compromised credentials was the most common initial attack vector, responsible for 20% of breaches.

IBM