The 20 Worst Metrics in Cybersecurity

The 20 Worst Metrics in Cybersecurity
Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.

After a decade or more of exhortations from cybersecurity pundits that CISOs need to be more data-driven and speak in the language of business — namely through numbers and measurement — the metrics message is finally sinking in. Whether it is to justify spending, quantify risk, or generally keep the executive suite up on security doings, CISOs discussions are now awash in dashboards, charts, and key performance indicators. The only problem? A lot of the numbers security teams and their leadership uses are, well, not very useful.


In fact, many of the measurements made are vanity metrics, presented with litt ..