Digital economy

Security and privacy indicators


Short address for this page:

Measuring digital security risk management practices in businesses 

© ThinkstockThis 2019 report synthesises an OECD project to develop a framework and a set of statistical indicators that can be used to assess the digital security (cybersecurity) risk management practices of businesses. A survey instrument aligned with the framework was developed and piloted. The conclusion provides recommendations for future efforts building on this project. 


Guidance for computer security incident response team statistics

Computer security incident response teams (CSIRTs) generate statistics based on their daily activities: issuing alerts and warnings, handling incidents, etc. However, such statistics are generally not internationally comparable.

Between 2013 and 2015, the OECD worked with the CSIRT community to explore how to improve the international comparability of the statistics they produce. The outcome is a guidance document that they can use to develop more comparable statistics. It should be considered as a first step in this area. 


Measuring the evidence base for security and privacy

Better policies in the area of information security and privacy should be based on evidence. However, the collection of quantitative data and the development of robust statistical indicators related to trust is extremely challenging.

In 2012, the OECD released a report exploring the potential for the development of better indicators to inform the policy making process in the areas of security and privacy risk management, as well as the protection of children online. The work shows that there is an underexploited wealth of empirical data that, if mined and made comparable, will enrich the current evidence base for policy making.


Other OECD work on security and privacy measurement


More OECD work on digital security


Related Documents