Rethinking cybersecurity metrics: prioritising behavioural data over outdated methods for effective risk management.
Cyber risk is evolving, yet many organisations still use outdated metrics for decision-making.
Jacqueline Jayne, host of Ticker Clicks, discusses this issue with Andrew Pedroso from SoSafe, emphasising the need to rethink how security awareness programmes are measured to effectively address human cyber risk.
Current measures like phishing simulations and training completion rates do not accurately reflect secure behaviour in real risk scenarios. These traditional metrics fail to provide a comprehensive understanding of human risk, similar to counting fire drills without considering response behaviour in actual emergencies.
Organisations need to adopt behavioural metrics that track employee responses to real phishing attempts, reporting behaviours, and security control violations. Tools like SoSafe’s Human Security Index offer behavioural insights, providing a dynamic view of human risk in organisations.
