Tracking the wrong KPIs is as good as not tracking the effectiveness of your cybersecurity measures at all. As far as KPIs go, businesses fall into these categories:
- Those that are tracking the right KPIs
- Those tracking the wrong KPIs without knowing they are doing so
- Those tracking the wrong KPIs knowing full well they are doing so
- Those partially tracking the KPIs (this is true in the case of SecOps teams whose core objective is compliance alone)
A majority of the respondents in our CISO survey thus far have indicated that they find it challenging to track the right KPIs. This is especially true of large and very large enterprises and small businesses. Those in between are doing fairly well, but there is certainly some room for improvement there as well. So how do businesses end up tracking the wrong KPIs?
The answer lies in the way security programs were designed years ago. In large manufacturing entities, security programs were conceptualized and implemented to secure infrastructure without hampering operations. In cases where operational priorities were deemed too important, security took a back seat, and this approach has left its mark on the KPIs that such organizations are tracking.
In the case of some utility companies, all teams were already burdened with tracking multiple KPIs. This meant that only those KPIs that were absolutely necessary were tracked. In some instances, even KPIs linked to systems that were only partially functional were tracked, leading to wasted bandwidth. In the case of maritime companies and those connected with renewable energy projects, few KPIs were tracked, as there wasn't enough bandwidth or enough cybersecurity solutions deployed to track more KPIs.
Why is it important to track the right cybersecurity KPIs?
Before we understand how the right KPIs can help, here are a few facts that our research team discovered during their interactions with security teams from across verticals:
- KPIs are often updated when a new compliance mandate is released by a regulator. There are no KPI updating cycles that most businesses follow.
- While SecOps efficiency is often tracked, the load on an individual SOC analyst is often not tracked. This adds to SOC fatigue and overwhelmed security teams that may miss out on a critical alert
- We also came across enterprises that are implementing frameworks such as IEC 62443 and Zero Trust without having any specific KPIs to track the effectiveness of the implementation of such frameworks
- Supply chain cybersecurity KPIs are tracked by very few businesses because of the inherent complexities involved
- Some of the easiest to track yet important KPIs (which don't even require a solution in some cases) are currently not tracked by businesses
With the shrinking malware development and launch cycles, the threat environment is rapidly deteriorating. It is therefore important to have a tried and tested strategy to track and monitor the right KPIs. Not only do the right KPIs strengthen a cybersecurity program, but they can also keep threats at bay and reduce the burden on the SecOps team and security analysts. Tracking the right KPIs also helps your security team evolve faster and execute a more mature and consistent security program that is better aligned to the cyber realities of the digital space that we operate in.
In order to track the right KPIs, the following steps will have to be followed:
- Start by identifying the right stakeholders, processes, output, objectives, and available bandwidth connected with your existing cybersecurity program
- Outline 10 important outcomes that are very relevant for your cybersecurity program and start identifying the connected KPIs
- Take the next batch of 10 most important KPIs and put together the next set of KPIs.
- Follow this process till you have a KPI pool available. Then work with all the stakeholders to finalize the KPIs. Keep compliance goals in mind as well while finalizing the list.
- Test run the KPIs across one full cycle (could be for a week or a month) and see how effective the run is and whether any of the KPIs causes a bandwidth crunch or if any of the KPIs cannot be tracked because of lack of tools
- Pay more attention to parameters such as speed of detection, speed of response, malware analysis time, and false-positive detection rates, if required
- See if you can borrow KPIs from peers for review.
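The parameters named in the steps above (speed of detection, speed of response, false-positive rate) and the per-analyst load that the research findings describe as often untracked can be computed from exported alert records after a test cycle. This is an added example, not from the original article; the record fields, verdict labels and load threshold are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed alert records for one test cycle; field names are assumptions.
# False positives have no real event, so "occurred" is None for them.
ALERTS = [
    {"occurred": "2022-03-01T08:00", "detected": "2022-03-01T08:30",
     "resolved": "2022-03-01T10:30", "analyst": "a1", "verdict": "true_positive"},
    {"occurred": None, "detected": "2022-03-01T09:00",
     "resolved": "2022-03-01T09:10", "analyst": "a1", "verdict": "false_positive"},
    {"occurred": "2022-03-01T09:00", "detected": "2022-03-01T10:30",
     "resolved": "2022-03-01T11:30", "analyst": "a2", "verdict": "true_positive"},
    {"occurred": None, "detected": "2022-03-01T11:00",
     "resolved": "2022-03-01T11:05", "analyst": "a1", "verdict": "false_positive"},
    {"occurred": "2022-03-01T12:00", "detected": "2022-03-01T12:30",
     "resolved": None, "analyst": "a1", "verdict": "true_positive"},  # still open
    {"occurred": None, "detected": "2022-03-01T13:00",
     "resolved": "2022-03-01T13:20", "analyst": "a1", "verdict": "false_positive"},
]

def minutes_between(start, end):
    """Elapsed minutes between two ISO timestamps, or None if either is missing."""
    if not start or not end:
        return None
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 60

def mean_or_none(values):
    """Mean of the values that exist; None when nothing can be measured yet."""
    known = [v for v in values if v is not None]
    return mean(known) if known else None

def kpi_summary(alerts, max_alerts_per_analyst):
    """Compute detection/response speed, false-positive rate and analyst load."""
    confirmed = [a for a in alerts if a["verdict"] == "true_positive"]
    false_pos = sum(1 for a in alerts if a["verdict"] == "false_positive")
    load = Counter(a["analyst"] for a in alerts)
    return {
        "mean_detect_min": mean_or_none(
            minutes_between(a["occurred"], a["detected"]) for a in confirmed),
        # Open alerts have no resolution time and are left out of the mean.
        "mean_respond_min": mean_or_none(
            minutes_between(a["detected"], a["resolved"]) for a in confirmed),
        "false_positive_rate": false_pos / len(alerts) if alerts else None,
        "analyst_load": dict(load),
        "overloaded": sorted(n for n, c in load.items() if c > max_alerts_per_analyst),
    }
```

A KPI that comes back as `None` for a cycle is one that could not be measured with the data available, which is the "cannot be tracked because of lack of tools" case the test run is meant to surface.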
We have entered the last phase of the Sectrio CISO Peer Survey 2022. The survey will be closed for responses in the next two weeks so make sure you participate in this effort to gain insights into the strategies and tactics your peers are using to defend their digital transformation journey.