惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
V2EX - 技术
V2EX - 技术
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
美团技术团队
WordPress大学
WordPress大学
博客园 - 司徒正美
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
Security Latest
Security Latest
L
LINUX DO - 最新话题
NISL@THU
NISL@THU
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Y
Y Combinator Blog
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
IT之家
IT之家
T
Threatpost
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
小众软件
小众软件
V
Vulnerabilities – Threatpost
J
Java Code Geeks
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
Arctic Wolf
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
雷峰网
雷峰网
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog
Recent Announcements
Recent Announcements
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
T
Troy Hunt's Blog
MyScale Blog
MyScale Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
Meaningful metrics demonstrate the value of cyber-resiliency
2026-04-06 · via Search Security Resources and Information from TechTarget

Paul Kirvan

By

Published: 06 Apr 2026

Business leaders face daily threats to the security of their information systems -- phishing attacks, DDoS attacks, viruses, ransomware and more. Many organizations have IT departments to address cybersecurity and manage threats to information systems, applications, websites networks and data. Larger enterprises likely have a security team or security operations center dedicated to preparing for, preventing and responding to cybersecurity incidents. 

But what happens in the aftermath of a cyberattack? How does the organization weather the intrusion? How well does it respond to the incident and then adapt and modify operations to better recover from future attacks? 

Cyber-resilience is the ability to manage the outcomes of a cybersecurity incident and, more importantly, make changes to business and technology. Mature security operations have the data and insights to establish effective cyber-resilience programs that provide measurable value to the business. 

Why CISOs need cyber-resilience metrics

As with many aspects of cybersecurity management, metrics help CISOs measure the effectiveness of their cybersecurity initiatives, particularly from a business perspective. CISOs need to understand and employ these metrics to demonstrate that cybersecurity investments not only protect the organization, but also align with business strategies and leadership priorities. 

A chart demonstrating the efforts a security team must undertake to achieve cyber-resilience.
A cybersecurity incident often prompts security teams to define a new normal to prevent similar occurrences in the future.
  • They are measurable, especially in the aftermath of a cyberattack, mapping the company's performance against acceptable performance metrics. 

  • They are business-focused and examine which business processes were affected, how well they recovered and the impact of the disruption to the firm. 

  • They help identify needed improvements in cybersecurity and decision-making. 

  • They examine all aspects of a cyberattack for insights into where the firm needs to adapt or change how it responds and recovers from an attack. 

Business, financial and operational considerations all factor into cyber-resilience analyses. Ideally, the outcomes improve cyber-resilience and result in a "new normal" that enhances cybersecurity efforts. 

Core cyber-resilience metrics

An array of metrics is available to help senior management understand cyber-resilience. The key is to select the relevant metrics for the situation. 

  • Mean time to detect measures the average time it takes for an organization to identify a security threat or incident after it occurs. Rapid MTTD and analysis reduce the likelihood that a cyberattack will disrupt business operations. 

  • Mean time to respond measures the average time it takes to contain and neutralize a cyberthreat. Rapid MTTR is essential for minimizing the severity of a cyberattack. 

  • Time needed for system recovery determines how quickly the organization can recover IT operations and return to normal business activities. 

  • Patch management metrics measure the frequency of patching and number of systems patched. Effective patching ensures cybersecurity resources are optimized for keeping the business operating smoothly. 

  • Third-party risk metrics monitor the performance of supply chains and key vendor ecosystems. 

  • Business impact metrics measure losses avoided due to resilience initiatives. 

  • Recovery time objectives versus actual recovery times metrics illustrate how quickly mission-critical assets are recovered against target recovery times. 

  • Recovery point objective metrics assess how long data can be unused before it no longer has value to the enterprise. A short-duration RPO means the risk of lost business or customer data was reduced. 

  • Percentage of backed up assets measures how many mission-critical systems, networks and applications are backed up to a secure location and have sufficient availability to minimize the likelihood of a system failure. 

  • Compliance metrics measure the level of compliance with security standards, such as ISO 27001 or NIST Special Publication 800-53. 

Best practices for implementing cyber-resilience metrics

The process for building a cyber-resilient technology infrastructure includes the following activities. 

Identify relevant business performance targets and align metrics 

Cybersecurity teams charged with addressing cyber-resilience should understand business mandates, such as uninterrupted availability, compliance and customer trust. 

Build resilience using established frameworks 

Examine cybersecurity events 

Use all relevant metrics related to cyberattack prevention, detection, response and recovery. 

Ensure metrics drive positive actions 

Use analytics to identify where investments are needed or procedures need to be changed. 

Validate metrics 

Run simulations or other tests to ensure the metrics are providing useful data. 

Balance metrics 

Balance technology metrics -- e.g., MTTD and MTTR and business metrics -- e.g., cost of downtime -- to deliver a more inclusive situation analysis. 

Discuss third-party and supply chain issues

Address external relationships and supply chains when discussing resilience, as those dependencies can pose risks. 

Keep an eye on industry trends 

Examine how other enterprises use cyber-resilience metrics to validate compliance and identify improvements. 

Establish a process for continuous improvement 

Keep metrics current and in sync with business strategies and the risk landscape to address the frequency and severity of cyberattacks. 

Ensuring useful metrics

The right metrics translate abstract values into specific data used for decision-making. Conduct these activities to ensure that cyber-resilience metrics deliver actionable results: 

  • Identify use. Define how metrics will map to business imperatives such as uptime and compliance. 

  • Address the incident lifecycle. Include metrics that address prevention, detection, response, recovery and post-event outcomes. 

  • Gather data using relevant methods. Many data sources are available, such as incident logs and risk assessments. Automate data gathering when possible. 

Reporting cyber-resilience metrics

The data metrics create is of little value unless CISOs can clearly communicate it to the board, CEO or other stakeholders or committees. CISOs must know their audience when presenting to senior management. Use business terms rather than technical jargon, discussing only the most relevant metrics linked to desired outcomes. Report on straightforward outcomes, such as "resolving a cyberattack and recovering business operations in less than one hour." When possible, use visual aids such as dashboards and charts. 

The audience will need context, so present trending data that shows how cybersecurity improvements have enhanced business risk management and justified cyber-resilience investments. People respond to stories, so consider presenting a narrative that illustrates how cyber-resilience initiatives have helped the company, such as mitigating a recent cyberattack or saving the company money. 

Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.   

Next Steps

Dig Deeper on Security analytics and automation