Cybersecurity KRIs to track
Number of applications currently running in the organization without a service level agreement (SLA): Without an SLA, your organization may be engaging with a high-risk vendor. The vendor may not adhere to your regulations or they could end service at any moment, causing a disruption in the business.
Number of ISP outages: High numbers of outages can be an indicator that it’s time to change providers. Especially if you provide online services, outages can mean business comes to a full stop.
Number of system backup failures: New or upgraded software can cause backups to fail, as can misconfiguration of highly customizable backup software.
Total discrepancy (dollars) of IT budget versus actual: Overspending in IT can mean critical or new tools go unfunded. Underspending can mean IT is overlooking important investments or isn’t budgeting accurately.
Average amount of time to resolve IT support requests: Longer times to close tickets can indicate a lack of resources, which in turn may hide larger, undiscovered issues that could cause business interruptions.
Average time between employee termination and disabling of accounts/termination of access to all systems: Allowing terminated employees to continue to access data and systems could lead to serious data breaches.
Time to resolve a critical incident and the number of critical incidents: Extended time to resolve a critical incident may indicate that the organization’s critical incident procedure requires an overhaul.
Number of company-issued phones without monitoring software installed: Monitoring software can locate a lost or stolen phone, and wipe the data before it gets into the wrong hands. All company-issued phones should have this software installed.
Number of active default database administrator accounts: Pre-configured default database administrator accounts are shared rather than personal, so if an event were to happen, you can’t tie it back to an individual and resolve the issue.
Time to respond to requests for personal data: Slow responses to requests for personal data can breach GDPR, and regulators can issue massive fines to organizations that breach it. This could cause serious financial and reputational damage.
Number of concurrent system logins using the same ID: This could indicate that an employee has shared their login credentials with an unauthorized individual who shouldn’t have access to confidential information.
Total number of users with similar roles but dissimilar security assignments: This could indicate that one employee may be accessing customer data files that they shouldn’t.
Number of employees who click on IT-sent phishing emails: By setting up and testing employees with fake phishing emails, you can identify those employees that require additional security training.
Pass/fail results for employee information security training: Employees who fail or don’t complete security training regularly increase the risk of customer information being shared.
Frequency of review of highly elevated (privileged) permissions on IT systems: Privileged accounts are more likely to be targeted by cyber attackers seeking access to confidential or customer data.
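As an added example (not part of the original list), the following Python computes two of the KRIs above from constructed sample records: concurrent logins using the same ID from different hosts, and the lag between an employee's termination and the disabling of their account. The session records, offboarding records, hostnames and the `now` timestamp are all constructed placeholders, not data from any real system.

```python
from datetime import datetime

# Constructed sample login sessions (not from the page): (user, source_host, start, end)
SESSIONS = [
    ("alice", "ws-01", "2024-03-04T09:00", "2024-03-04T12:00"),
    ("alice", "ws-09", "2024-03-04T10:30", "2024-03-04T11:00"),  # overlaps, second host
    ("bob",   "ws-02", "2024-03-04T09:00", "2024-03-04T10:00"),
    ("bob",   "ws-02", "2024-03-04T10:30", "2024-03-04T17:00"),  # sequential, same host
    ("carol", "ws-03", "2024-03-04T08:00", "2024-03-04T16:00"),
    ("carol", "vpn-7", "2024-03-04T15:00", "2024-03-04T18:00"),  # overlaps, second host
]
# Constructed HR/IAM records: user -> (termination time, account-disabled time or None)
OFFBOARDING = {
    "dave":  ("2024-02-01T17:00", "2024-02-01T18:00"),
    "erin":  ("2024-02-05T17:00", "2024-02-08T09:00"),
    "frank": ("2024-02-10T17:00", None),  # still enabled after termination
}

def _ts(s):
    return datetime.fromisoformat(s)

def concurrent_shared_logins(sessions):
    """KRI: user IDs with overlapping sessions from two different hosts.
    Same-host overlap (two terminals) is ignored; a second host while a
    session is still open is the signal that the credential may be shared."""
    by_user = {}
    for user, host, start, end in sessions:
        by_user.setdefault(user, []).append((host, _ts(start), _ts(end)))
    flagged = set()
    for user, sess in by_user.items():
        for i, (h1, s1, e1) in enumerate(sess):
            for h2, s2, e2 in sess[i + 1:]:
                if h1 != h2 and s1 < e2 and s2 < e1:  # intervals overlap
                    flagged.add(user)
    return flagged

def offboarding_lag(records, now):
    """KRI: (mean hours from termination to account disable, users still enabled).
    Accounts not yet disabled accrue lag up to `now`, so the number keeps
    growing until access is actually removed."""
    lags, still_enabled = [], []
    for user, (terminated, disabled) in records.items():
        if disabled is None:
            still_enabled.append(user)
            disabled = now
        lags.append((_ts(disabled) - _ts(terminated)).total_seconds() / 3600)
    return round(sum(lags) / len(lags), 2), still_enabled
```

On the sample data, `concurrent_shared_logins(SESSIONS)` flags alice and carol but not bob, and `offboarding_lag(OFFBOARDING, "2024-02-12T17:00")` reports a mean lag of 37.67 hours with frank still enabled.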