A Common Language for Cybersecurity
Juan Pablo Castro
Director @ Trend Micro | Cybersecurity Strategist, LATAM | Creator of Cybersecurity Compass | Public Speaker
In my many years in the cybersecurity industry, I have often been struck by one consistent truth: cybercriminals seem to have an inherent advantage over us. Their ability to collaborate quickly, adapt to new technologies, and share resources allows them to stay one step ahead of traditional security measures. They operate in networks that are often faster and more agile than those tasked with defending against them. In contrast, our intentions are good, but the very nature of cybersecurity within organizations—diverse stakeholders, complex systems, and sometimes slow-moving bureaucracies—makes collaborating against a common enemy a significant challenge.
One of the key barriers to effective collaboration in cybersecurity is the lack of a common language. IT departments, security teams, legal advisors, risk managers, and executives often speak in different terms when it comes to addressing cyber risks. Without a shared framework or terminology, these teams struggle to communicate effectively, slowing down decision-making and creating blind spots in our defenses.
Another critical aspect missing in these conversations is the emphasis on data-driven decision-making. In many other areas of business, we rely heavily on Key Performance Indicators (KPIs) to measure success, benchmark progress, and guide strategic adjustments. This data-driven approach provides objectivity and clarity, creating a common point of reference for all stakeholders, regardless of their department or focus area.
In cybersecurity, adopting this same mindset is crucial. By introducing agile, data-driven conversations based on objective metrics, we can shift from vague discussions about “increasing security” to clear, measurable goals. At a high level, this means understanding at least one KPI for cybersecurity—a singular, powerful metric that acts as a headlight, helping guide the organization’s cybersecurity strategy. This could be a cyber risk score, the number of detected vulnerabilities, or the time to detect and respond to incidents (MTTD/MTTR). Whatever the KPI, it allows organizations to benchmark their performance not only against internal goals but also against industry peers.
Tools and methodologies like the Cybersecurity Compass, the Cyber Risk Management Lifecycle (CRML), and the Continuous Cyber Risk Scoring System (CCRSS) offer a way forward by providing an objective, transparent, and structured approach to cyber risk management. These frameworks promote data-driven conversations by delivering real-time insights and clear metrics, making it easier for all teams to stay aligned.
Having a shared KPI for cybersecurity ensures that organizations are not only comparing their efforts against their own benchmarks but also continuously evaluating their performance relative to the broader industry. This allows leaders to ask the right questions: “How does our response time compare to industry averages?” or “Are we improving our risk posture month-over-month?” By grounding cybersecurity strategy in objective, data-driven metrics, we can ensure that our defenses evolve just as quickly as the threats we face.
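As an added illustration (not part of the original article, and not code from the Cybersecurity Compass, CRML or CCRSS frameworks), the following Python script turns the MTTD/MTTR KPI mentioned above into the kind of month-over-month and peer-benchmark comparison the questions in this section call for. The incident records and the benchmark figures are constructed placeholders, not industry data; the field names and the `BENCHMARK` values are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample incident records (assumption, not data from the article).
# Each record carries when the intrusion began, when it was detected and when
# it was contained. Timestamps are ISO-8601, all in the same time zone.
INCIDENTS = [
    {"id": "INC-001", "start": "2024-01-03T08:00", "detected": "2024-01-03T14:00", "resolved": "2024-01-04T02:00"},
    {"id": "INC-002", "start": "2024-01-15T10:00", "detected": "2024-01-15T20:00", "resolved": "2024-01-16T04:00"},
    {"id": "INC-003", "start": "2024-02-05T09:00", "detected": "2024-02-05T12:00", "resolved": "2024-02-05T18:00"},
    {"id": "INC-004", "start": "2024-02-20T01:00", "detected": "2024-02-20T06:00", "resolved": "2024-02-20T10:00"},
]

# Assumed peer benchmark in hours (hypothetical numbers, not an industry figure).
BENCHMARK = {"mttd_h": 6.0, "mttr_h": 8.0}

TS_FORMAT = "%Y-%m-%dT%H:%M"


def _hours_between(earlier: str, later: str) -> float:
    """Elapsed hours between two timestamps; rejects records whose order is inverted."""
    delta = datetime.strptime(later, TS_FORMAT) - datetime.strptime(earlier, TS_FORMAT)
    if delta.total_seconds() < 0:
        raise ValueError(f"timestamp {later} precedes {earlier}")
    return delta.total_seconds() / 3600


def mttd_mttr(incidents):
    """Mean time to detect (start -> detected) and mean time to respond
    (detected -> resolved), both in hours, over a list of incidents."""
    if not incidents:
        raise ValueError("no incidents to measure")
    mttd = mean(_hours_between(i["start"], i["detected"]) for i in incidents)
    mttr = mean(_hours_between(i["detected"], i["resolved"]) for i in incidents)
    return round(mttd, 2), round(mttr, 2)


def monthly_kpis(incidents, benchmark):
    """Per-month MTTD/MTTR, month-over-month change in percent, and a
    better/worse verdict against the benchmark (lower is better for both)."""
    buckets = defaultdict(list)
    for inc in incidents:
        buckets[inc["start"][:7]].append(inc)  # group by YYYY-MM of intrusion start

    report = {}
    previous = None
    for month in sorted(buckets):
        mttd, mttr = mttd_mttr(buckets[month])
        report[month] = {
            "incidents": len(buckets[month]),
            "mttd_h": mttd,
            "mttr_h": mttr,
            "mttd_vs_benchmark": "better" if mttd <= benchmark["mttd_h"] else "worse",
            "mttr_vs_benchmark": "better" if mttr <= benchmark["mttr_h"] else "worse",
            # None for the first month, since there is nothing to compare against yet
            "mttd_change_pct": None if previous is None else round((mttd - previous[0]) / previous[0] * 100, 1),
            "mttr_change_pct": None if previous is None else round((mttr - previous[1]) / previous[1] * 100, 1),
        }
        previous = (mttd, mttr)
    return report


if __name__ == "__main__":
    for month, row in monthly_kpis(INCIDENTS, BENCHMARK).items():
        print(month, row)
```

The output answers both questions from the text directly: each month's row says whether detection and response times beat the assumed peer figure, and the percentage columns show whether the posture improved from the previous month. In practice the timestamps would come from the ticketing or SIEM system rather than an inline list, and the benchmark from whatever peer data the organization has access to.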
The Role of the Cybersecurity Compass, CRML, and CCRSS in Creating a Common Language for Cybersecurity
To foster collaboration and address the challenge of disjointed communication in cybersecurity, tools like the Cybersecurity Compass, Cyber Risk Management Lifecycle (CRML), and Continuous Cyber Risk Scoring System (CCRSS) create a unified, data-driven approach to building an all-hands cybersecurity culture. These frameworks promote a common language, enabling teams to align around clear, measurable objectives. By basing decisions on objective metrics rather than subjective opinions, they ensure that all stakeholders—whether in IT, security, or leadership—are working toward a shared goal. This collaborative approach strengthens defenses and creates an all-hands culture where everyone is responsible for protecting the organization from cyber threats.
Cybersecurity Compass: Methodology Before, During, and After a Breach
The Cybersecurity Compass provides a holistic methodology that guides organizations through each phase of a cyber incident—before, during, and after the breach—focusing on people, process, and technology. By establishing clear roles, processes, and technological tools, the Cybersecurity Compass helps create a unified language for handling breaches, ensuring that the entire organization can collaborate effectively at every stage.
1. Before the Breach
2. During the Breach
3. After the Breach
Cyber Risk Management Lifecycle (CRML): Continuous Refinement
The Cyber Risk Management Lifecycle (CRML) provides a structured, cyclical process that aligns the organization’s cyber risk strategy with real-time data, making sure that all stakeholders—from the boardroom to the IT department—are working from the same playbook. The CRML emphasizes data-driven decision-making, ensuring that risks are continuously assessed, mitigated, and monitored through quantifiable metrics. This transparency fosters a common language between different departments, enabling them to communicate clearly and efficiently about their cyber risk posture.
Continuous Cyber Risk Scoring System (CCRSS): Objective, Real-Time Cyber Risk Assessment
The Continuous Cyber Risk Scoring System (CCRSS) is vital in creating an objective, transparent measure of cyber risk. By continuously monitoring the organization’s vulnerabilities, threat landscape, and security performance, CCRSS assigns a risk score that is easily understood across departments. This common metric serves as a KPI for cybersecurity, allowing the organization to compare its performance against both internal goals and industry standards.
It’s Time to Start Speaking the Language of Cyber Risk
We can no longer afford to give cybercriminals the advantage. Their ability to collaborate quickly, adapt, and exploit vulnerabilities outpaces many organizations’ ability to defend themselves. The possible solution lies in creating a common language of cyber risk—a unified approach where all teams, from IT to executives, are aligned and operating from the same understanding.
Frameworks like the Cybersecurity Compass, CRML, and CCRSS are designed to enable this alignment. By grounding discussions in objective, data-driven metrics such as risk scores, these tools ensure that everyone in the organization can contribute effectively to managing cyber threats. This approach allows us to shift from reactive, fragmented responses to proactive, coordinated strategies.
We can’t keep giving cybercriminals the upper hand. Now is the time to implement these frameworks, foster data-driven conversations, and ensure all teams are speaking the same language. Start speaking the language of cyber risk today—and take back control from those who seek to exploit our weaknesses.