Metrics Can Not Adequately Describe The Pain of Cybercrime

How can you measure the effect of a cybersecurity incident on your company? Knowing the number of records involved and the costs incurred by the event, but it can not give you a complete picture because there is much more involved than those metrics tell you.


What could other implemented methods help you see the whole picture? Can the pain caused by a cybersecurity incident be understood by any set of numbers?