Cyber KPI for Return on Security Investment

Title: Cyber KPI for Return on Security Investment
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Onwubiko, Cyril; Onwubiko, Austine
Conference Name: 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
ISBN Number: 978-1-7281-0232-0
Keywords: cyber dashboard, cyber incidents, cyber KPI, cyber security, cyber security benefits, cyber security incident, cyber security reports, cyber security return, cyber subject matter experts, cyber-attack, cyber-attacks, Metrics, pubcrawl, return on investment, Return on Security Investment, ROI, RoSI, security investment, security metrics, security of data

Cyber security return on investment (RoI) or return on security investment (RoSI) is extremely challenging to measure. This is partly because it is difficult to measure the actual cost of a cyber security incident or cyber security proceeds. This is further complicated by the fact that there are no consensus metrics that every organisation agrees to, and even among cyber subject matter experts, there is no set of agreed parameters or metrics against which cyber security benefits or rewards can be assessed. One approach to demonstrating return on security investment is by producing cyber security reports of certain key performance indicators (KPI) and metrics, such as number of cyber incidents detected, number of cyber-attacks or terrorist attacks that were foiled, or ongoing monitoring capabilities. These are some of the demonstrable and empirical metrics that could be used to measure RoSI. In this abstract paper, we investigate some of the cyber KPIs and metrics to be considered for cyber dashboard and reporting for RoSI.

Citation Key: onwubiko_cyber_2019