Measuring your cybersecurity can be tricky
Especially for small businesses, complex key performance indicators may be well beyond the capabilities and resources that are available.
Focus on what actually matters when trying to evaluate your cybersecurity measures. Use the following indicators, as recommended by the business2community.com website.
Cost per incident
This is not only about how much you spend on security software and analysis, but also about how much incidents hamper your productivity or profitability. Assessing the monetary impact of all incidents is really important.
Number of reported incidents
This is the number of security incidents that happen in your systems. There may be some breaches you don't even know about, so getting an accurate count is not easy. However, there are services that provide automatic alerts about vulnerabilities in your systems.
Number of major incidents
When you collect data on how many incidents there are, you should also segment them into at least large and small incidents.
- Large incidents: these affect your company directly and have the potential to compromise critical parts of company infrastructure or cause the biggest financial impacts.
- Small incidents: you should also be aware of the number of small incidents. These might include, for example, an obvious e-mail phishing scam that was detected right away. However, even small incidents can have an effect on profitability, and cleaning up afterwards may be costly, so keep an eye on these as well.
Customer impact
Collect data on how incidents affect your customers. Protecting your customers is important, so you need to know this.
-jk-