This report synthesises an OECD project to develop a framework and a set of statistical indicators that can be used to assess the digital security (cybersecurity) risk management practices of businesses. A survey instrument aligned with the framework was developed and piloted. After a general introduction, the report starts with a brief overview of the state of affairs in the measurement of digital security risk and its management prior to the OECD project. It provides an in-depth explanation of the measurement framework for the assessment of digital security risk management practices in businesses and an analysis of the outcomes of a pilot survey instrument based on the measurement framework, tested with members of the Federation of European Risk Management Associations (FERMA) in 2018. The conclusion of the report provides recommendations for future efforts that build on this project.
