Cybersecurity Metrics — A Data-Driven Framework for the Future

Cybersecurity Metrics — A Data-Driven Framework for the Future


This IDC Perspective details a framework for cybersecurity metrics that enables effective data-driven leadership. Cybersecurity has grown up. Once the dominion of the hoodie-wearing basement dwellers, the topic has elevated to the C-suite and beyond. In essence, cyber-risk equals business risk. Just as revenue and expense information is shared at all levels of the organization, there is a need to share information on the effectiveness and efficiency of cybersecurity with operations, management, and corporate governance.Cybersecurity metrics are extremely misunderstood. This confusion has much to do with how cybersecurity has evolved and matured over the past 40 years. What is needed are metrics derived from a consolidated intelligence repository in the form of a language that communicates risk likelihood versus impact to the business, whether financial or otherwise. Today's environment calls for a capability to collect rich contextual information that provides not only metrics and statistics but additional risk and compliance insights and themes across the cybersecurity program to aid in both strategic and tactical management, known as data-driven metrics.GRC platforms can provide data-driven metrics leveraging a rich, consolidated repository of internal and external business, IT, and cybersecurity contextual intelligence. Through automation, machine learning (ML), and AI, GRC platforms of today can utilize and enhance findings through an integrated repository of internal and external contextual business, IT, and cybersecurity intelligence fabric."Possessing a rich contextual set of intelligence data dramatically enhances cybersecurity leadership based upon accurate and consolidated data and insights that can address any level of management throughout an organization," says Philip Harris, research director, Governance, Risk, and Compliance Services at IDC. "It is critical more so now than ever for executive management and board members to have a complete picture of the risk and compliance posture for their organization and drive decisions based upon objective and accurate information."


Executive Snapshot

Situation Overview

Data-Driven Metrics

Qualities of Data-Driven Metrics

Elements to Consider in Crafting Metrics

Advice for the Technology Buyer

Appropriate Metrics by Audience

Strategic Governance Metrics

Audience

Categories and Details

Managerial Metrics

Audience

Categories and Details

Operational Metrics

Audience

Categories and Details

Benefits

Learn More

Related Research

Synopsis

Download our eBook: How to Succeed Using Market Research

Learn how to effectively navigate the market research process to help guide your organization on the journey to success.

Download eBook
Cookie Settings