SIO-9.6.46

Stablecoin issuers should establish metrics to measure the impact of a cyber incident and to report to management the performance of response activities. Examples include:

(a) Metrics to measure impact of a cyber incident:

i. Duration of unavailability of critical functions and services;
ii. Number of stolen records or affected accounts;
iii. Volume of clients impacted;
iv. Amount of lost revenue due to business downtime, including both existing and future business opportunities; and
v. Percentage of service level agreements breached.

(b) Performance metrics for incident management:

i. Volume of incidents detected and responded to via automation;
ii. Dwell time (i.e. the duration a threat actor has undetected access until completely removed); and
iii. Recovery point objectives (RPO) and recovery time objectives (RTO) satisfied.
Added: July 2025