Why Cyber Security Still Lacks a Readiness Metric
Cyber security programmes generate enormous volumes of data.
Organisations track vulnerability scans, compliance frameworks, security awareness completion rates, and incident reports. Yet these artefacts rarely answer a fundamental governance question:
How resilient is the organisation to a real cyber attack?
Most cyber security reporting demonstrates activity rather than defensive effectiveness.
An organisation may be compliant with multiple standards and still remain structurally vulnerable to ransomware propagation.
This gap exists because cyber resilience is usually discussed in qualitative terms — policies, controls, and maturity models — rather than in quantifiable indicators of readiness.
The goal of Dr Speffle Cyber Resilience (DSCR) is to address this challenge by developing structured metrics that translate complex cyber behaviour into measurable indicators.
Examples include:
• Phish Resilience Ratio (PRR) – measuring human-layer response capability
• Operational Spread Window (OSW) – modelling potential ransomware propagation speed
By focusing on measurable structural conditions, organisations can begin to understand not just whether security activities occur, but whether those activities meaningfully improve defensive readiness over time.
Measurement transforms cyber resilience from a narrative into evidence.