This report synthesises an OECD project to develop a framework and a set of statistical indicators that can be used to assess the digital security (cybersecurity) risk management practices of businesses. A survey instrument aligned with the framework was developed and piloted. After a general...