Automatic KRIs — updated live from your active services
No client input. No manual reporting
These three KRIs are generated directly from your active Banyax services — continuously, automatically, without your team having to do anything.

Technologies
AUTOMATIC · M/XDR
Measures real detection coverage. If a tool stops reporting, an asset loses coverage, or a data source goes down — this KRI reflects it immediately. No client input required.
DISCOVERY QUESTION
“If an attack happened today, are you confident you would see it?”

Awareness
AUTOMATIC · M/AT
Measures real security culture — not whether employees took a course, but whether they can recognize and avoid a threat when it arrives. Updated automatically after each phishing simulation.
DISCOVERY QUESTION
“How many of your employees would click on a phishing email today?”

External Threats
AUTOMATIC · M/ETI
Measures what’s happening to the organization outside its walls — without the client knowing. Leaked credentials, spoofed domains, exposed data, or mentions in cybercrime forums. Updated in real time.
DISCOVERY QUESTION
“Do you know if your corporate credentials or sensitive data are exposed right now?”
Questionnaire KRIs — completed with your team
Structured assessments. Quantified risk.
These four KRIs are built from guided assessments your team completes with Banyax. Areas that active monitoring can’t automatically see — but that represent real exposure.

Operational Technologies
QUESTIONNAIRE · OT/ICS
Measures risk in the systems that run the physical business. An OT vulnerability doesn’t stop a server — it can stop a plant. Built from a structured assessment on network segmentation, patches, remote access, and exposed industrial protocols.
DISCOVERY QUESTION
“If your operations network were compromised tomorrow, how long would you be down?”

Framework
QUESTIONNAIRE · NIST / ISO 27001
Measures — with data, not assumptions — how solid the security posture is against the standards auditors and regulators require. Mapped against NIST, ISO 27001, and applicable regulatory frameworks.
DISCOVERY QUESTION
“How do you demonstrate to auditors or regulators that your security controls are in order?”

Supply Chain
QUESTIONNAIRE · THIRD-PARTY RISK
Measures the risk that vendors and third parties with access to your systems or data represent. You can have everything in order internally and be compromised through a careless supplier.
DISCOVERY QUESTION
“How many vendors have access to your systems — and what controls do they have over that access?”

Cyber Resilience
QUESTIONNAIRE · RESPONSE & RECOVERY
Measures how prepared the organization is to respond and recover when an incident occurs. It’s not about if it will happen — it’s about how much it costs when it does.
DISCOVERY QUESTION
“If you were hit by ransomware today, in how many hours could you return to normal operations?”
Managed KRI — tracked by Banyax
KRI 8: Recommendations.
Recommendatios by banyax · Managed by Banyax
Measures the accumulated risk from unimplemented security recommendations generated across all three services — M/XDR, M/AT, and M/ETI. Every finding from every surface ends up here, with a risk level and a deadline.
Unlike the other 7 KRIs, this one consolidates everything Banyax identifies into a single prioritized action list — so your team always knows what to fix first, and Banyax tracks the progress until it’s resolved.

Recommendations
By Banyax
DISCOVERY QUESTION
“How many open security recommendations do you have today — and what’s the impact if they go unaddressed?”