Browsed by
Month: March 2026

Why Cyber Security Still Lacks a Readiness Metric

Why Cyber Security Still Lacks a Readiness Metric

Cyber security programmes generate enormous volumes of data. Organisations track vulnerability scans, compliance frameworks, security awareness completion rates, and incident reports. Yet these artefacts rarely answer a fundamental governance question: How resilient is the organisation to a real cyber attack? Most cyber security reporting demonstrates activity rather than defensive effectiveness. An organisation may be compliant with multiple standards and still remain structurally vulnerable to ransomware propagation. This gap exists because cyber resilience is usually discussed in qualitative terms — policies,…

Read More Read More

Research Update: Phishing Resilience Metrics Paper Accepted at IoTBDS 2026

Research Update: Phishing Resilience Metrics Paper Accepted at IoTBDS 2026

I’m pleased to share that my latest research paper has been accepted for presentation at the International Conference on Internet of Things, Big Data and Security (IoTBDS 2026). The paper introduces a quantitative framework for measuring human-layer cyber resilience, transforming common phishing telemetry into measurable indicators of organisational readiness. Using four widely available signals — Delivered, Clicks, Reports, and Report Time — the model derives three metrics: • Phish Click Rate (PCR) – susceptibility to phishing• Time-to-Report (TTR) – detection…

Read More Read More