Security: Now, a Cyber Security Barometer

Added 14th Jun 2011

The index, launched by two security professionals, is a survey that attempts to gauge the state of cybersecurity by measuring the overall sentiment of operational experts. Much like a consumer confidence index that measures people’s optimism, the index focuses on experts' overall perception of current threats and defenses.

The index is an experiment that could prove to be a useful way to gauge the overall security situation online, says Dan Geer, the co-creator of the index and the chief security officer of In-Q-Tel, the investment arm of the Central Intelligence Agency. While Geer has attempted to create other indices based on measures of threat, good data was not always available, he says.

"It is not like we are overwhelmed with useful numbers; we are short on them," he says. His conclusion: Focus on the data that you know you can get.

"Maybe we shouldn't be trying to measure the concrete, but trying to measure the opinion of people who know something," he says. "Because it may well be that the opinion of people that know something may have more coherence than anything we know how to measure, or have the permission to measure, on a wide scale."

The cybersecurity index measures the outlook of about 300 security operations managers—from chief risk officers and chief security information officers to academicians and security firm chief scientists. Since the survey is done via a website, it is open to security professionals everywhere. The index is published every month. Questions vary from whether certain threats—such as malware, insider threats, or industrial espionage—have become worse to whether information sharing and defenses have improved.

Each respondent answers on a five-point scale: falling fast, falling, static, rising, or rising fast.

Geer and co-creator Mukul Pareek, a risk professional who asked that his company not be identified, believe that the cybersecurity risk index could have practical uses. Cyber risk insurers could use the metric as a way to hedge their risks, for example.

"This is something that we do not have an answer to yet," Pareek says. "But it is clearly at the top of our minds, we are thinking about it. In the coming months, we should come up with some ideas" about how to use the index.

In April, the index rose to 1,021.6, up 2 percent from the March baseline of 1,000, indicating that experts' perception of the cybersecurity situation has worsened. The fastest rising threats are malware, nation-state-sponsored attacks and risks from suppliers and service providers. The most significant cybersecurity improvement comes from the perception that information sharing is getting better.
