Research Update: Phishing Resilience Metrics Paper Accepted at IoTBDS 2026

I’m pleased to share that my latest research paper has been accepted for presentation at the International Conference on Internet of Things, Big Data and Security (IoTBDS 2026).

The paper introduces a quantitative framework for measuring human-layer cyber resilience, transforming common phishing telemetry into measurable indicators of organisational readiness.

Using four widely available signals — Delivered, Clicks, Reports, and Report Time — the model derives three metrics:

Phish Click Rate (PCR) – susceptibility to phishing
Time-to-Report (TTR) – detection agility
Phish Resilience Ratio (PRR) – a composite resilience indicator

Together, these convert phishing awareness outcomes into auditable evidence aligned with ISO/IEC 27001, ISO/IEC 27004, and NIS2 expectations for operational resilience.

The work addresses a common governance challenge: organisations can demonstrate that training occurred, but rarely that human behaviour measurably improves defensive readiness.

This research forms part of the broader DSCR initiative, which focuses on translating cyber security telemetry into structured metrics that help organisations understand and demonstrate cyber resilience.

Further research will extend this approach into ransomware propagation modelling and enterprise structural risk analysis.
