[{"data":1,"prerenderedAt":278},["ShallowReactive",2],{"ressources-en-20-key-cyber-compliance-indicators":3},{"id":4,"title":5,"author":6,"body":7,"category":265,"challenges":266,"counterpart":267,"date":268,"description":269,"draft":270,"extension":271,"gated":270,"gatedAsset":266,"gatedDownloadUrl":266,"image":266,"meta":272,"navigation":273,"path":274,"results":266,"seo":275,"solutions":266,"stem":276,"testimonialAuthor":266,"testimonialPhoto":266,"testimonialQuote":266,"testimonialRole":266,"__hash__":277},"blogEn\u002Fresources\u002F20-key-cyber-compliance-indicators.md","The 20 key cyber compliance indicators","OverView Team",{"type":8,"value":9,"toc":256},"minimark",[10,15,24,39,42,46,98,102,140,144,151,189,191,195,198,250],[11,12,14],"h2",{"id":13},"why-these-20-indicators","Why these 20 indicators?",[16,17,18,19,23],"p",{},"Most organizations already have the necessary tools — AD, EDR, CMDB, MDM, vulnerability scanners. The problem isn't a lack of data, it's the absence of a ",[20,21,22],"strong",{},"cross-functional view",". Each tool operates in a silo, and no one cross-references the information.",[16,25,26,27,30,31,34,35,38],{},"These 20 indicators represent the KPIs every organization should track to manage its cybersecurity. They fall into three families: ",[20,28,29],{},"Devices"," (8), ",[20,32,33],{},"Identities"," (6) and ",[20,36,37],{},"Cross-references"," (6). The cross-references make all the difference — that's where real risks surface.",[40,41],"hr",{},[11,43,45],{"id":44},"devices-8-indicators","Devices — 8 indicators",[47,48,49,56,62,68,74,80,86,92],"ol",{},[50,51,52,55],"li",{},[20,53,54],{},"Active antivirus\u002FEDR coverage"," — percentage of devices with active, functioning endpoint protection",[50,57,58,61],{},[20,59,60],{},"Up-to-date system rate"," — percentage of devices with the latest security patches applied (\u003C 30 days)",[50,63,64,67],{},[20,65,66],{},"Successful backup rate"," — percentage of backups completed successfully over the past 7 days",[50,69,70,73],{},[20,71,72],{},"Disk encryption rate"," — percentage of devices with encryption enabled (BitLocker, FileVault)",[50,75,76,79],{},[20,77,78],{},"Unpatched critical vulnerabilities"," — number of critical flaws (CVSS ≥ 9) or KEVs unpatched for over 30 days",[50,81,82,85],{},[20,83,84],{},"Compliant device rate"," — percentage of devices meeting MDM security policies (Intune, Jamf, etc.)",[50,87,88,91],{},[20,89,90],{},"Obsolete system rate"," — percentage of devices running an end-of-support OS (Windows 7, Server 2012, etc.)",[50,93,94,97],{},[20,95,96],{},"Orphan devices"," — number of active devices with no identified owner",[11,99,101],{"id":100},"identities-6-indicators","Identities — 6 indicators",[47,103,104,110,116,122,128,134],{},[50,105,106,109],{},[20,107,108],{},"MFA coverage rate"," — percentage of users protected by multi-factor authentication",[50,111,112,115],{},[20,113,114],{},"Compliant password rate"," — percentage of users meeting the password policy (complexity, expiration)",[50,117,118,121],{},[20,119,120],{},"Admin accounts without MFA"," — total number of accounts with admin role without MFA enabled",[50,123,124,127],{},[20,125,126],{},"Inactive admin accounts"," — number of admin accounts unused for over 90 days",[50,129,130,133],{},[20,131,132],{},"Accounts with permanent passwords"," — number of accounts whose passwords never expire",[50,135,136,139],{},[20,137,138],{},"Phishing awareness rate"," — percentage of employees who clicked on phishing test emails",[11,141,143],{"id":142},"cross-references-6-indicators","Cross-references — 6 indicators",[16,145,146,147,150],{},"This is where OverView's value truly shines. Existing tools each measure their own scope. Only cross-referencing reveals the ",[20,148,149],{},"real risks",".",[47,152,153,159,165,171,177,183],{},[50,154,155,158],{},[20,156,157],{},"At-risk workstations"," — number of business-critical devices or devices linked to admin accounts, without active EDR",[50,160,161,164],{},[20,162,163],{},"At-risk servers"," — number of critical servers without recent backup and without EDR",[50,166,167,170],{},[20,168,169],{},"At-risk identities"," — number of accounts without MFA, with high phishing attempt rates, linked to devices without EDR or highly vulnerable devices",[50,172,173,176],{},[20,174,175],{},"Vulnerable software"," — top 10 most vulnerable software present across the estate, with affected devices",[50,178,179,182],{},[20,180,181],{},"Targeted devices"," — devices with a high number of EDR alerts, linked to an admin account or an account with a non-expiring password",[50,184,185,188],{},[20,186,187],{},"Legacy"," — percentage of devices or accounts still present in IT and cyber tools, with a last activity date over 90 days old",[40,190],{},[11,192,194],{"id":193},"how-overview-calculates-these-indicators","How OverView calculates these indicators",[16,196,197],{},"OverView connects to your existing tools (AD, EDR, CMDB, MDM, vulnerability scanners) and collects data without heavy technical integration. Indicators are calculated automatically and updated continuously.",[199,200,201,214],"table",{},[202,203,204],"thead",{},[205,206,207,211],"tr",{},[208,209,210],"th",{},"What you have today",[208,212,213],{},"What OverView brings",[215,216,217,226,234,242],"tbody",{},[205,218,219,223],{},[220,221,222],"td",{},"Data scattered across 5 to 15 tools",[220,224,225],{},"Unified view in a single dashboard",[205,227,228,231],{},[220,229,230],{},"Manual, declarative indicators",[220,232,233],{},"KPIs calculated from actual data",[205,235,236,239],{},[220,237,238],{},"No cross-referencing between tools",[220,240,241],{},"6 cross-reference indicators that reveal real risks",[205,243,244,247],{},[220,245,246],{},"Monthly reporting taking 2 days",[220,248,249],{},"Automated reporting, always up to date",[251,252,253],"blockquote",{},[16,254,255],{},"\"Before OverView, we had the data but not the vision. Now, cross-references show us exactly where to act.\"",{"title":257,"searchDepth":258,"depth":258,"links":259},"",2,[260,261,262,263,264],{"id":13,"depth":258,"text":14},{"id":44,"depth":258,"text":45},{"id":100,"depth":258,"text":101},{"id":142,"depth":258,"text":143},{"id":193,"depth":258,"text":194},"Guide",null,"20-indicateurs-cles-de-conformite","2026-02-01","8 Device indicators, 6 Identity, 6 Cross-references: the essential KPIs for managing your cybersecurity posture with OverView.",false,"md",{},true,"\u002Fresources\u002F20-key-cyber-compliance-indicators",{"title":5,"description":269},"resources\u002F20-key-cyber-compliance-indicators","2WxRvcjp3xl1LN8Uiptd8i7zIb3jbDKXywHnIu6fvQc",1783099164068]