Compliance & Legislation | Risk Management & Reporting

July 28, 2023

The discussion over data-driven vs qualitative cyber security assessment has been going for some time. Nowadays, it is at the top of the priority list for many security and senior executive teams.

Managing cyber security has always been a noble ambition but without reliable measurement, the lack of actionable information makes evidence-based management decisions almost impossible. “Our cyber security posture is good” is meaningless unless it can be verified by evidence.

For senior executives and boards identifying, measuring and mitigating risks are familiar elements of the risk management process. Cyber risk management is similar, but not the same.

Aligned with these ongoing discussions, the UK’s National Cyber Security Centre (NCSC) released a blog in April titled “Data-driven cyber (DDC): transforming cyber security through an evidence-based approach.”

DDC is transformative because, for a long-time, cyber security decisions, and the resulting business decisions, have often been made without adequate supporting evidence.

Check out our most recent resource – a look into the latest thinking from the UK National Cyber Security Centre on data-driven cyber (DDC) and how it can benefit your organisation. 

In our summary and insights piece, we explore:

  • Evidence-based actionable reporting
  • Repurposing risk management processes
  • Being ‘Data-driven’ – replacing intuition with reason for your security decisions

Read more to find out how your organisation can improve your security outcomes by effectively integrating data-driven cyber security into your security operations processes.

Data-driven and evidence-based cyber security decision making


Related Cybersecurity Content


Read by directors, executives, and security professionals globally, operating in the most complex of security environments.