Zurich and its partners propose six indicators that could provide clarity: the percentage of organizations with cyber insurance or audit certification, the share of exploited vulnerabilities older than one year, the number of significant cyber incidents, the average time to containment, the mean time to restore operations, and the proportion of unfilled cybersecurity positions.