chapter one

1 Introduction to cybersecurity metrics

 

This chapter covers

  • What metrics are
  • What cybersecurity frameworks are
  • The significance of metrics in modern cybersecurity
  • The changing landscape of cyber threats

In 2006, British mathematician Clive Humby famously said, “Data is the new oil.” This statement holds even more weight in today’s digital world, where data plays a crucial role in shaping business strategies, guiding product development, and determining the overall success of organizations. For many companies, data forms the backbone of their business models. However, just as crude oil requires refining to be useful, raw data must be transformed into actionable insights to deliver value. This is particularly true in cybersecurity, where metrics provide the lens through which organizations can interpret data to identify risks, measure performance, and align their security posture with broader business objectives. Cybersecurity metrics bridge the gap between raw data and strategic decision-making, turning potential threats into opportunities for resilience and growth.

1.1 Understanding metrics

1.2 Significance of metrics in cybersecurity

1.3 Traditional vs innovative metrics

1.4 The changing landscape of cybersecurity

1.5 The importance of frameworks in cybersecurity

1.5.1 HITRUST framework

1.5.2 Center for Internet Security CIS 18 framework

1.5.3 NIST Cybersecurity Framework v2.0

1.6 AI and predictive cybersecurity metrics

1.7 Defending against AI

1.8 Summary