‘Mean Time Before CEO Apologises’ Is The Ultimate Security Metric

There are lots of metrics for measuring security readiness and response, but we think this one’s hard to beat: the time between when a security incident occurs at a major company and when the CEO is forced to make a grovelling public apology.

Sorry picture from Shutterstock

Forrester Research analyst Rick Holland suggests the ‘mean time before CEO apologises’ idea in a recent blog post. While it’s tongue-in-cheek, it does highlight one of the most important lessons in IT security: it’s always better to prevent an incident than to have to deal with the aftermath. And since you can’t prevent everything, it’s also crucial to be able to demonstrate everything you did do — since that will help the CEO prepare their apology.

Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA)

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


8 responses to “‘Mean Time Before CEO Apologises’ Is The Ultimate Security Metric”