Forum Discussion

YasserSalama's avatar
YasserSalama
Icon for Bronze I rankBronze I
2 months ago

Measuring Cyber Resilience: What's the Key Metric?

Is cyber resilience just about fast incident response, or does true resilience go beyond that?

Do you prioritize response time, employee awareness, or strategic recovery? What’s your go-to metric for measuring real cyber resilience?

  • Cyber Resilience is a combination of all of the above - MTTD, MTTR, general awareness, recovery and restoration, and more. Personally, the key metric in my eyes is complete coverage over all of these areas, which can be easily viewed by using industry frameworks, like our in-platform MITRE Attack. Organizations that have strong cyber resilience have coverage over most/all of the techniques. 

    Alternatively, if you're referring to our in-platform Cyber Resilience Score, this takes a hands-on look at proving resilience over different areas of the platform, including CTI (helping with MTTD/MTTR), running TTx (Crisis Sim), and general completions of labs (coverage of MITRE).