Meaningful Cybersecurity Metrics for Human Cyber Risk
Most organizations fail to measure their human cyber risk.
Meaningful cyber security metrics are key to measuring the effectiveness of cyber security programs. Organizations and security leaders are well aware of their vulnerabilities, threats and security incident rates. However, to improve the security posture of their organizations and decrease data breach risk, they need more comprehensive insight into human security behavior.
To that end, some organizations measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?”.
To answer such questions, we, in the security industry, need meaningful cyber security metrics. We need to be able to benchmark and set cybersecurity KPIs. We need to be able to see progress. We need to be able to measure success and impact.
Authors
Dr. Jason Nurse
Director of Science & Research
Dr Jason Nurse is the Director of Science and Research at CybSafe, a market-leading security awareness and data analytics software company, and he is also an Associate Professor in Cyber Security at the University of Kent.
At CybSafe, Dr Nurse leads a team of behavioural scientists and researchers responsible for ensuring that the company’s product is grounded in scientific evidence and empowers users to make smarter security decisions and build better habits.
Joe Giddens
Head of Content, Concepts & Community
Joe is Head of Content, Concepts and Community at CybSafe. Joe is a former specialist detective in the Metropolitan Police Cybercrime Unit, where he was responsible for the investigation, detection and prevention of complex online fraud and cybercrime. Joe enjoys taking complicated security ideas and making them simple.
Oz Alashe MBE
CEO & Founder of CybSafe
Oz is a former Lieutenant Colonel in the British Army and UK Special Forces. His background gives him a unique insight into the socio-technical realities of cyber security and the sensitivities around changing human behaviour. Oz is the CEO and founder of CybSafe.