Key risk indicators in cyber security

Written by: Piers Shearman


Understanding key risk indicators (KRIs) in cybersecurity

In the constantly evolving landscape of cybersecurity, key risk indicators (KRIs) play a crucial role in measuring and mitigating cyber risk exposure. KRIs are specific, quantifiable metrics that help organisations identify potential threats and determine the level of risk they pose. In this article, we’ll delve into the importance of KRIs in cybersecurity and how you can use them to strengthen an organisation’s defences.

What are key risk indicators?

Key risk indicators (KRIs) are metrics that can provide you with insight into potential risks and give you data that can help you prioritise your response to different threats. KRIs can be used to measure various aspects of an organisation’s security posture, establish baselines and measure changes over time.

Examples of KRIs

Start simple in terms of what you would like to monitor.

  1. Number of successful/unsuccessful login attempts
  2. Network traffic volume and anomalies
  3. Malware detections and incidents of data breaches
  4. Unpatched software and systems
  5. Social engineering attacks and phishing attempts
  6. Insider threat incidents
  7. Unusual user behaviour and access to sensitive information
  8. Vulnerability scan results and remediation progress
  9. Third-party and supply chain risk
  10. Incidents of data loss or theft

How to implement key risk indicators

Implementing KRIs in your organisation’s cybersecurity strategy can be a complex process, but as you can see from the examples above, many KRIs are intuitively things worth measuring in an organisation, and some you will undoubtedly be measuring already. If incidents of data loss or insider threat are increasing, you would want to know and take appropriate action.

Here are some key steps for implementing KRIs in your organisation:

Identify potential risks: Start by identifying the risks that your organisation faces. This may include risks related to ransomware, network security, application security, data security, and more.

Determine relevant KRIs: Once you’ve identified potential risks, you’ll need to determine the relevant KRIs for your organisation. This may include metrics such as the number of successful login attempts, the number of successful attacks, and the amount of data transferred.

Establish a baseline: Establishing a baseline for your KRIs is important for measuring progress and identifying changes in risk levels. This may include tracking the number of successful login attempts, the number of successful attacks, and the amount of data transferred over time.

Monitor KRIs: Regularly monitor your KRIs to identify any changes in risk levels. This will help you to detect potential threats early and take steps to mitigate risk before a data breach occurs.

Respond to changes in risk levels: If you detect changes in risk levels, take steps to mitigate risk as soon as possible. This may include implementing additional security measures, updating policies and procedures, or training employees.
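As an added illustration of the baseline, monitor and respond steps above (not code from the original article), the sketch below tracks one KRI from the list, unsuccessful login attempts, and flags days that depart from a rolling baseline. The log format, the 7-day window, the median/MAD baseline and the 3x tolerance are assumptions chosen for the example, and the data is constructed.

```python
from collections import Counter
from statistics import median

# Constructed sample data: failed logins per day, expanded into log lines in an
# assumed "DATE USER RESULT" format (not a real product's log format).
SAMPLE_COUNTS = [12, 15, 11, 14, 13, 12, 16, 14, 58, 13]
SAMPLE_LOG = [
    f"2024-03-{day:02d} user{i % 5} {'FAIL' if i < fails else 'OK'}"
    for day, fails in enumerate(SAMPLE_COUNTS, start=1)
    for i in range(fails + 20)  # 20 successful logins per day as background
]

def daily_failed_logins(lines):
    """Return {date: failed-login count}; days with only successes count as 0."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines instead of failing the run
            continue
        date, _user, result = parts
        counts[date] += result == "FAIL"
    return dict(sorted(counts.items()))

def evaluate_kri(series, window=7, k=3.0):
    """Compare each day with a baseline built from the previous `window` days.

    The baseline is the median; the tolerance is k * MAD (median absolute
    deviation), floored at 1 so a flat history does not alert on a change of one.
    Using the median keeps a single spike from inflating later baselines.
    """
    days, values = list(series), list(series.values())
    results = []
    for i in range(window, len(values)):
        history = values[i - window:i]
        baseline = median(history)
        mad = median(abs(v - baseline) for v in history)
        threshold = baseline + k * max(mad, 1)
        results.append({"day": days[i], "value": values[i], "baseline": baseline,
                        "threshold": threshold, "breach": values[i] > threshold})
    return results

if __name__ == "__main__":
    for row in evaluate_kri(daily_failed_logins(SAMPLE_LOG)):
        print(row)
```

A breach here is the trigger for the "respond" step; the day after the spike is evaluated against a baseline that has barely moved, so a return to normal is not masked.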


Key risk indicators (KRIs) are a useful tool in keeping you informed. They can give you the ability to proactively identify and mitigate risk and, because of that, could give you insight into a potential incident that you otherwise might not know about. Look at your current KRIs and decide if they cover all the risks you would like to monitor. If not, ascertain what data you could tap into to develop new indicators. Decide how frequently you would like this monitoring to happen and put in place a process to provide updates.

TL;DR: what gets measured gets managed.
