
53
4Chapter
Metrics Developments
e sine qua non of metrics would be those that are reliably predictive—leading
indicators of security failure or compromise. Today, all that can be said with any
certainty is that organizations with substandard security will statistically suffer
greater losses. A recent study by Aberdeen demonstrates statistically predictive con-
sequences of good, or deficient, security.
Firms operating at best-in-class (security) levels are lowering financial
losses to less than 1 percent of revenue, whereas other organizations are
experiencing loss rates that exceed 5 percent.
1
While this result is both intuitive and rea