Meaningful Metrics for Human Cyber Risk

Summary

Most organisations fail to measure their human cyber risk.

Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?”. 

To answer such questions, we, in the security industry, need meaningful metrics. We need to be able to benchmark. We need to be able to see progress. We need to be able to measure success and impact.

Authors

Dr. John Blythe, CPsychol
Dr. John Blythe, CPsychol

Head of Behavioural Science

John is Head of Behavioural Science at CybSafe and a Chartered Psychologist with the British Psychological Society. He has a PhD in psychology and over eight years’ experience in researching the connections between people and cyber security. John is passionate about helping people use technology in the most effective, safe and productive way they can.

Joe Giddens
Joe Giddens

Head of Content, Concepts & Community

Joe is Head of Content, Concepts and Community at CybSafe. Joe is a former specialist detective in the Metropolitan Police Cybercrime Unit. Where he was responsible for the investigation, detection and prevention of complex online fraud and cybercrime. Joe enjoys taking complicated security ideas and making them simple.

Oz Alashe MBE
Oz Alashe MBE

CEO & Founder of CybSafe

Oz is a former Lieutenant Colonel in the British Army and UK Special Forces. His background gives him a unique insight into the socio-technical realities of cyber security and the sensitivities around changing human behaviour. Oz is the CEO and founder of CybSafe.