Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Better Cybercrime Metrics Act signed into law

By Maria Henriquez
metrics-cyber-freepik1170.jpg

Image via Freepik

May 10, 2022

U.S. President Joe Biden has signed the Better Cybercrime Metrics Act, aiming to improve how the federal government tracks, measures, analyzes and prosecutes cybercrime. 


Endorsed by the National Fraternal Order of Police and several national law enforcement organizations, the act will build a system to track cybercriminal incidents to combat rising cyber and cyber-enabled crimes. 


In addition, the act aims to improve cybercrime metrics by requiring the Government Accountability Office (GAO) to report on the effectiveness of current mechanisms and highlight disparities in reporting data between cybercrime data and other types of crime data. 


The bipartisan legislation also requires: 

  • The National Crime Victimization Survey to incorporate questions related to cybercrime in its survey instrument,
  • The U.S. Department of Justice to contract with the National Academy of Sciences to develop a taxonomy for cybercrime that can be used by law enforcement, and
  • The National Incident Based Reporting System — or any successor system — include cybercrime reports from federal, state, and local officials.


The absence of a detailed and consistent system for collecting and categorizing data on cybercrime hinders the federal government from fully understanding the scope of the cybercrime problem, further preventing law enforcement from protecting against cybercrime. By some estimates, the Federal Bureau of Investigation (FBI) only collects about one in 90 of all cybercrime incidents in its Internet Crime Complaint Center (IC3) database. 


Security leaders think the legislation is a step in the right direction, and organizations can benefit from better reporting and categorization of incidents. Craig Lurey, CTO and Co-Founder at Keeper Security, believes it will also help both cyber professionals and the government understand and prioritize the most important attack vectors organizations must be protected against, especially as these attacks evolve. 


Better categorization, says Archie Agarwal, Founder and CEO at ThreatModeler, will, in turn, standardize the kinds of threats organizations face: the adversaries that promulgate attacks, as well as the nature and impact of a successful attack. “As the government mandates and recommends more reporting, organizations will have more examples that mirror their own exposure, as well as associated damages and costs. Disclosure, generally, is something that government departments and private industry fear alike. A mandated reporting standard and taxonomy will make it harder for firms to pave over detail and magnitude of their security incidents using their own marketing and language,” Agarwal explains.


A larger benefit of the legislation may be the increased attention on cyberthreats by organizations, notes John Yun, Vice President of Product Strategy at ColorTokens, explains. “There have been many cases where organizations have renewed focus and subsequent budget allocated following government agency involvement. It provides organizations the additional justifications and reasons for prioritizing cybersecurity needs.” Yun points to the development of the Risk Management Framework (RMF) by NIST, for example, which brought much-needed attention to zero trust architecture.


“Developing a common language and taxonomy about cyberattacks is also crucial for defining metrics and sharing [threat intelligence] across the cyber defender community,” says Michael Mumcuoglu, CEO and co-founder at CardinalOps. However, Mumcuoglu recommends the  National Academy of Sciences build upon existing, widely-used industry standards — such as MITRE ATT&CK, a standard taxonomy for describing adversary techniques based on real-world observations, and VERIS, a set of metrics that use a common language to describe security incidents — rather than reinventing the wheel.


Overall, the legislation “is an important step to make it harder for cybercriminals to do damage,” Lurey says.

KEYWORDS: cyber security information security metrics risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • iot-enews

    IoT Cybersecurity Improvement Act signed into law

    See More
  • SEC0819-5G-Feat-slide_900px

    Secure 5G and Beyond Act of 2020 Signed Into Law

    See More
  • software-equipment-freepik356489.jpg

    Secure Equipment Act signed into law

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing