In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and points out their limits. These methods often rely on opinion, narrow data, or outdated snapshots. As a result, leaders struggle to understand real risk or explain it to the board.
The video highlights the need for metrics that reflect actual conditions and update over time. Good metrics should show where risk exists, connect to business impact, and guide clear actions. They should cover more than IT and align with recognized frameworks.
Bowers also stresses that metrics must be easy to understand, owned by teams, and tied to outcomes. When done well, they help organizations prioritize work, improve resilience, and build shared understanding across teams and leadership.
Download: Simplify security management with CIS SecureSuite Platform
