Cyber Effectiveness and the CED KPI

Cyber effectiveness and the CED KPI - the Cyber Event Days Key Performance Indicator - are inextricably linked with one another.

Improving one improves the other - CED improvements result in better cyber effectiveness.

In fact, it is Cyber Event Days - the KPI - that reveals what to do next to improve the effectiveness of cyber programs, but only if you know what to look for and how to use it.

  • For some, CED KPI measures are in the low single digits.
  • For others CED measures are in the tens-of-thousands.
  • But for most, CED measures fall between the two extremes.

So what is this CED (Cyber Event Days) KPI?

Cyber Event Days (CED)

To complicate things just a bit, CED is actually made up of two different components, as follows:

  • the number of data loss and other cyber severity-one events, and
  • the time it takes to detect and resolve data loss and other cyber severity-one events

Thus the name Cyber Event Days: the KPI encapsulates two components, the number of cyber events (data loss and other severity-one events) and the time to detect and resolve severity-one cyber events.

Numbers of Cyber Events - What the Research Shows

The research reveals severity-one cyber events are distributed across organizations as follows:

  • Among a small percentage of organizations, the number of annual data loss and cyber severity-one events is low, somewhere in the single digits.
  • For most organizations the number of such events measures in the tens to many tens annually.
  • For another small percentage of organizations the number of such cyber events measures in the hundreds, unfortunately.

Detect-Resolution Time - What the Research Shows

The research shows the time to detect and resolve severity-one (and data loss) events has a similar but time-dependent distribution profile, as follows:

  • A small percentage of organizations detect and resolve severity-one cyber events in the "same day"
  • For most organizations, resolving such events takes anywhere from many days to weeks and months
  • For a small percentage of organizations the time to detect and resolve these events is longer than a year

Cyber Event Days

When put together the result is the key performance indicator cyber event days, or CED.

Some organizations are better at detecting severity-one events and others are at an advantage because the events are quickly discovered and resolved. Still others are better at adjusting things to prevent similar cyber events from recurring. But this is what CED is all about. Reducing CED requires the ability to do all three equally well.

In truth, most organizations - almost 9-in-10 - are struggling to excel at all three improvement activities: faster detection, more rapid resolution, and subsequent reduction of severity-one events.

And the research bears this out, as follows:

  • About 12 percent of organizations have fewer than three CEDs annually
  • Upwards of 68 percent of organizations are wrestling with hundreds of CEDs
  • Nearly 20 percent of companies are overwhelmed by thousands of CEDs

For all but the 12 percent already living the charmed cyber-life, CED is the KPI for measuring and improving cyber outcomes.


What passes for cyber KPIs at most organizations today is a motley collection of detailed technical operational and operating characteristics, most of which shed little light on whether results are improving or not.

Instead of rashers of detailed operating technical characteristics, the path forward requires distilling technical details into the CED KPI.

As they say, the devil is in the details, and such details should add up to CED.

Similarly, CED should unravel to the details.

Where does your organization sit on the CED scale?

  • Is it among those with the lowest CED rates?
  • Is it among the majority with larger CED rates?
  • Is it among those with the largest CED rates?

Tune in for future research to find out more about CED, Cyber Effectiveness and comparing where you are as Wellington Research expands and delivers cyber data services on Cyber Source Data.
