#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Maximizing Efficiency and Security in Government Cloud Environments

Security Metrics | Breaking Cybersecurity News | The Hacker News

Category — Security Metrics
Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Jun 05, 2025 Risk Management / Operational Resilience
Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The disconnect has become difficult to ignore. The average cost of a breach has reached $4.88 million, according to recent IBM data . That figure reflects not just incident response but also downtime, lost productivity, customer attrition, and the extended effort required to restore operations and trust. The fallout is rarely confined to security. Security leaders need a model that brings those consequences into view before they surface. A Business Value Assessment (BVA) offers that model. It links exposures to cost, prioritization to return, and prevention to tangible value. This article will explain ...
Security Theater: Vanity Metrics Keep You Busy - and Exposed

Security Theater: Vanity Metrics Keep You Busy - and Exposed

Apr 07, 2025 Attack Surface Management
After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I've learned that looking busy isn't the same as being secure.  It's an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we're expending - how many vulnerabilities we patched, how fast we responded - but often vulnerability management metrics get associated with operational metrics because traditional approaches to measuring and implementing vulnerability management does not actually reduce risk. So, we resort to various ways of reporting on how many patches were applied under the traditional 30/60/90-day patching method . I call these vanity metrics : numbers that look impressive in reports but lack real-world impact. They offer reassurance, but not insights. Meanwhile, threats continue to grow more sophisticated, and attackers exploit the blind spots we're not measuring. I've se...
Expert Insights Articles Videos
Cybersecurity Resources