Skip to main content

Security posture – a KPI for 5G service providers

My first 5G security blog covered the four elements that form the basis for building digital trust in the 5G era. I then wrote about the importance of security strategies as part of the overall 5G planning - well before deployment and not just as an afterthought. In this post, I will explore why 5G cyber security posture is the new business KPI for telco executives and board members, and why it is imperative for cyber security teams to adapt in workflow and tools, especially in Security Operations Centers (SOCs).

Do Telco security professionals really know what their consumers want?

Not according to a recent KPMG report [2019, Consumer loss barometer], which showed they have widely different priorities in some areas. Whilst security executives think it is highly important to apologize for any security breach, consumers are much more interested in getting proof that it won’t happen again.

An oft-quoted catchphrase says that the customer is always right, so pleasing them is – or should be – a major business objective. That is why it is crucial for the 5G telco industry to integrate security teams and their KPIs into the overall business strategy and objectives from the outset. That way, they can build both digital products and services that meet the functional and security expectations of enterprises and their consumers.

Image 1. Do security professionals really know what consumers want?

KPMG report

Source: KPMG report: Consumer loss barometer 2019

As a result of this, cyber security teams in CIO or CISO organizations must expand their roles, moving from protecting their company’s operations and infrastructure to boosting the security levels offered in their 5G services and applications. It is important for security leadership to understand the needs of customers, and instead of being a “back-office function”, they must become a vital contributor in delivering extraordinary customer experiences.

Defining the metrics

For a successful 5G business, a defined cyber security posture and its metrics must accurately report its data to all relevant stakeholders, especially to the board. Board members and C-level executives want to see security metrics that clearly show the likely effects on their business goals, as well as any costs incurred. The Ponemon Institute even puts a number on this. A breach with a lifecycle longer than two hundred days costs an organization 37 percent more than one with a lifecycle shorter than two hundred days ($4.56 million vs. $3.34 million, respectively).


Forty-four percent of the Ponemon study respondents say their organizations’ security posture significantly improved over the past 12 months and specific metrics are used to understand the reasons for this. According to Image 2, 55 percent of respondents say improvements are tracked by the number of cyber attacks prevented. This is followed by time to identify the incident and time to contain the incident (51 percent and 48 percent of respondents, respectively).

Image2: Ponemon study 2019 – How does your organization measure security posture?

Ponemon study

The value of security operations can be best documented in metrics such as Mean Time To Identification (MTTI), and Mean Time To Contain (MTTC) a cyber security intrusion or incident, which is shown below on Image 3. It shows that, since last year, the MTTI and MTTC of a data breach have increased. In 2019, the MTTI was 206 days and the MTTC was 73 days for a combined 279 days, an increase of 4.9 percent from last year when the MTTI and MTTC were 197 and 69 days (combined 266 days), respectively.

Image 3. Days of breach identification and containment

Ponemon institute

Source: Ponemon Institute “Cost of a Data Breach Report 2019”

Significantly reducing MTTI and MTTC starts with an understanding of the characteristics of attacks, such as impact, signature and behavior. From there, many groups need to work together, enabled by technology that can deal with multiple events, then use log and alarm data to automate and orchestrate incident response processes. If a CIO security department has the tools to capture this information, compiling reports of successfully repelled attacks is a good way to prove value.

Security orchestration and automation tools can help security teams improve KPIs like MTTI and MTTC. These tools can also use analytics and automation to aid the investigation of threats and advise on an appropriate response. Enriched insights from threat intelligence feeds and AI-based tools enable organizations to identify, contain, remediate and eradicate threats faster than adversaries can compromise the enterprise’s data.

Using telco-centric orchestration and automation technology allows security operations teams to use their processes and procedures in automated ways that significantly reduce the MTTI & MTTC within their organizations.

In other words, implementing an adaptive platform that integrates tools, correlates data and orchestrates mitigation actions can help CIO/CISO organizations significantly improve their overall security posture.

Interested to hear more? Register to our upcoming LightReading webinar: “Security Orchestration and Automation for Telcos”

Related resources

Share your thoughts on this topic by joining the Twitter discussion with @NokiaIoT and @nokianetworks using #security #SOAR #5G #cloud #IoT # IoTsecurity #CyberSecurity

Gerald Reddig

About Gerald Reddig

Gerald leads the global portfolio marketing efforts for Nokia’s security solutions. He is a member of the broadband forum, directs Nokia´s membership in the IoT Cybersecurity Alliance and steers Nokia´s Security center in Finland. Gerald is on the speaker’s circuit at international conferences and a recognized author on the topics he’s passionate about: cybersecurity technology, data privacy and finding the right solutions to prevent vulnerabilities, hacker trojans or man-in-the-middle attacks.

Tweet me at @geraldreddig

Article tags