Sample meters
Configurable in our AI-based software (under development)
The historical Policy-Resonance Index reflects pre-2024 conditions when technological alignment and green transition had lower harmonization across EU frameworks. The model reconstructs past resonance using archived strategy documents, EU funding data, and trade policy indicators from the previous policy cycle.
The projected Policy-Resonance Index simulates the 2027 horizon, integrating policy drafts, EU funding allocations, and cross-sector strategy materials. The future curve is generated by applying weighted trends derived from the latest Green Deal acceleration packages, digital sovereignty roadmaps, and defense cooperation frameworks.
Policy-Resonance Meter – Data Link Overview
Each value in the Policy-Resonance Meter is directly derived from the evidence base of the Qatalis Competitiveness Report 2025, integrating verified indicators from four report sections:
- T – Technology Alignment: Section 2.4 “Technological Cohesion and Strategic R&D Alignment”
- E – Economic Integration: Section 3.1 “Trade Exposure and Cross-Border Economic Convergence”
- G – Green Transition: Section 4.2 “Energy Systems, Sustainability Pathways, and Green Deal Impact”
- D – Defence & Resilience Relevance: Section 5.3 “Strategic Autonomy, Supply-Chain Security, and Dual-Use Readiness”
The composite value of 72 represents the Policy-Resonance Index (PRI) calculated through the formula PRI = 0.4T + 0.3E + 0.2G + 1D, which measures the degree of policy coherence and alignment between technology, economy, environment, and defence frameworks.
Selecting this meter within the digital interface links directly to each of the above report sections, enabling full traceability between the aggregated PRI score and its underlying datasets.
The historical Policy-Resonance Index reflects pre-2024 conditions when technological alignment and green transition had lower harmonization across EU frameworks. The model reconstructs past resonance using archived strategy documents, EU funding data, and trade policy indicators from the previous policy cycle.
The projected Policy-Resonance Index simulates the 2027 horizon, integrating policy drafts, EU funding allocations, and cross-sector strategy materials. The future curve is generated by applying weighted trends derived from the latest Green Deal acceleration packages, digital sovereignty roadmaps, and defense cooperation frameworks.
Competitiveness Exposure Radar 2025 – Data Link Overview
Each value in the radar is directly sourced from the corresponding sections of the Qatalis Competitiveness Report 2025. The radar functions as an interactive layer: selecting any segment or data point opens the underlying report chapter where the metric originates.
The composition is as follows:
- Innovation (40%) – Linked to Section 2.1 “Innovation Dynamics and R&D Exposure”
- Digital Infrastructure (60%) – Linked to Section 2.3 “Digital Architecture and Connectivity Readiness”
- Regulation (70%) – Linked to Section 3.2 “Regulatory Compliance and Governance Maturity”
- Sustainability (65%) – Linked to Section 4.1 “Green Transition and ESG Implementation”
- Market Integration (55%) – Linked to Section 5.4 “Cross-Border Value Chains and Single Market Data Integration”
Each indicator aggregates exposed data signals identified in the report’s analytical tables and annexes.
The radar therefore serves as a live visualization of the report’s quantitative backbone — not as a separate dataset, but as a navigational and monitoring interface for the same verified information.
Time-based evidence for board accountability
Your dashboard transforms cyber exposure into governance proof.
As board members and executives, you face increasing regulatory pressure to demonstrate not just cybersecurity awareness, but documented, time-stamped accountability. Hong Kong’s Cybersecurity Ordinance (Cap. 653) and EU regulations (DORA, NIS2) demand you answer three critical questions:
- What did you know?
- When did you know it?
- What did you do?
Without time-based evidence, there is no oversight. Without oversight, there is no compliance.
The Qatalis dashboard provides decision-grade metrics, not technical reports. Each meter connects cyber exposure directly to business outcomes, regulatory requirements, and fiduciary responsibility. This is governance infrastructure, not just security monitoring.
Policy-resonance meter
What it shows
The Policy-Resonance Meter measures your organization’s alignment with four strategic policy frameworks that drive regulatory requirements:
- T (Technology): Alignment with digital transformation mandates
- E (Economic): Integration with cross-border trade and economic frameworks
- G (Green Transition): Compliance with sustainability and ESG requirements
- D (Defence & Resilience): Strategic autonomy and supply-chain security
Current composite score: 72 — positioned in the “Building Zone” (50-75), indicating progressive governance maturity.
Why it matters for governance
Regulatory foresight: This meter predicts regulatory convergence 7-30 days ahead, allowing boards to prepare for policy shifts before enforcement actions begin.
Accountability evidence: Each score links directly to specific report sections, providing auditors with traceable evidence of your policy awareness and adaptation timeline.
Resource allocation: Identifies which policy domains require immediate board attention and budget allocation to avoid compliance gaps.
Regulatory context
- Hong Kong Cap. 653: Demonstrates ongoing assessment of cybersecurity landscape (required annually)
- EU DORA/NIS2: Provides evidence of continuous ICT risk management and third-party monitoring
- EU AI Act: Shows technology governance alignment and responsible AI oversight
Board question answered: “Can we prove our organization monitors and responds to relevant policy changes?”
Competitiveness exposure radar
What it shows
The five-dimensional Competitiveness Exposure Radar visualizes your organization’s exposure across strategic risk domains:
- Innovation (40%): R&D exposure and competitive intelligence visibility
- Digital Infrastructure (60%): Technology stack vulnerabilities and connectivity risks
- Regulation (70%): Compliance maturity and regulatory exposure level
- Sustainability (65%): ESG implementation and green transition readiness
- Market integration (55%): Cross-border value chain risks and market dependencies
Why it matters for governance
Enterprise risk visibility: Provides board members with an at-a-glance assessment of where the organization is most exposed—essential for strategic planning and M&A due diligence.
Comparative benchmarking: Each dimension can be compared against industry peers, enabling boards to assess competitive positioning in cyber resilience.
Investment prioritization: Identifies which domains require immediate capital allocation to reduce exposure and maintain operational resilience.
Regulatory context
- Hong Kong Cap. 653: Demonstrates comprehensive risk assessment across operational domains
- EU DORA: Provides ICT risk scenario analysis and operational resilience evidence
- EU NIS2: Shows supply chain security assessment and cross-sector vulnerability mapping
Board question answered: “Where are we most vulnerable, and how does this compare to our peers?”
Human-factor meter
What it shows
The Human-Factor Meter quantifies behavioral cybersecurity risk through four evidence-based dimensions:
- A (Awareness): Policy ownership and compliance behavior (35% weight)
- K (Knowledge/Skills): Decision-making competence under pressure (25% weight)
- E (Experience): Operational tool proficiency and digital literacy (20% weight)
- B (Behavior): Authority response and emotional regulation (20% weight)
Current score: 72 — Building Zone status indicates progressive human resilience but requires continued investment.
Why it matters for governance
Liability mitigation: Human error causes 82% of breaches. This meter provides boards with quantified evidence of workforce readiness—critical for demonstrating reasonable care in litigation.
Training ROI: Tracks the effectiveness of security awareness programs over time, justifying continued investment and demonstrating improvement to regulators.
Board accountability: Under Cap. 653 and DORA, boards must ensure staff competency. This meter provides the evidence auditors will demand.
Regulatory context
- Hong Kong Cap. 653: Demonstrates staff training and awareness programs are in place and effective
- EU DORA: Provides evidence of ICT staff competency and cybersecurity culture
- EU NIS2: Shows security awareness and cybersecurity training documentation
Board question answered: “Can we prove our people are trained, aware, and behaving securely?”
12-month trend analysis
What it shows
The 12-Month Trend Chart visualizes the temporal evolution of your aggregated exposure indicators, showing improvement or degradation across all monitored domains from 25 → 72 over the past year.
Why it matters for governance
Historical accountability: Provides time-stamped evidence of how your security posture evolved—essential for demonstrating continuous improvement to regulators and auditors.
Board meeting evidence: Each monthly data point can be traced back to specific board meetings and decisions, creating an auditable trail of governance actions.
Predictive governance: Trend analysis enables boards to forecast future risk trajectory and intervene before compliance gaps emerge.
Regulatory context
- Hong Kong Cap. 653: Provides annual cybersecurity assessment evidence with monthly granularity
- EU DORA/NIS2: Demonstrates continuous monitoring and year-over-year improvement
- Audit Readiness: Transforms months of work into minutes—your compliance trail is already documented
Board question answered: “Can we show we’ve been consistently monitoring and improving our security posture?”
Change over time: operational resilience metrics
What it shows
Three critical operational metrics that demonstrate organizational resilience:
- Detection latency: 2.1 hours (time to identify exposures—decreasing is better)
- Recovery efficiency: 0.8 days (time to remediate—decreasing is better)
- Exposure visibility: 28% (data discovery and monitoring coverage—increasing is better)
Why it matters for governance
Operational resilience proof: Hong Kong Cap. 653 requires 12-48 hour incident reporting. Detection latency of 2.1 hours demonstrates your ability to meet this requirement.
Board liability protection: Fast detection and recovery times reduce financial impact of breaches, demonstrating reasonable care in cyber governance.
Insurance requirements: Cyber insurance underwriters increasingly demand proof of MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond). These metrics provide that evidence.
Regulatory context
- Hong Kong Cap. 653: Demonstrates incident detection and reporting capability within required timeframes
- EU DORA: Provides evidence of ICT incident management effectiveness
- EU NIS2: Shows incident handling procedures are operational and effective
Board question answered: “How quickly can we detect and respond to cyber incidents, and can we prove it?”
Use case scenarios
Scenario 1: Board meeting preparation (15 minutes to audit-ready)
The challenge: Your board meeting is tomorrow. The audit committee needs current cybersecurity status and evidence of ongoing oversight.
The solution:
- Open Qatalis Dashboard → view current meter readings
- Review 12-Month Trend to show continuous monitoring
- Click through to underlying report sections for detailed evidence
- Export time-stamped compliance checklist
Outcome: Board receives decision-grade cyber governance update with full audit trail—in minutes, not weeks of preparation.
Scenario 2: Regulatory audit (Hong Kong Cap. 653)
The challenge: Hong Kong regulator requests evidence of annual cybersecurity assessment and ongoing monitoring for the past year.
The solution:
- Competitiveness Exposure Radar → comprehensive risk assessment across all domains
- 12-Month Trend → demonstrates continuous monitoring over 52 weeks
- Change Over Time metrics → proves incident detection capability within 12-hour requirement
- Each data point links to specific evidence sources and timestamps
Outcome: Audit-ready evidence package delivered in minutes. Demonstrates board-level oversight, continuous assessment, and operational capability—all required under Cap. 653.
Scenario 3: M&A due diligence
The challenge: Potential acquisition target requires cyber risk assessment as part of due diligence. CFO needs to quantify cyber risk exposure in financial terms.
The solution:
- Competitiveness Exposure Radar → immediate visibility into all risk domains (Innovation, Digital Infrastructure, Regulation, Sustainability, Market Integration)
- Policy-Resonance Meter → assess regulatory alignment and future compliance costs
- Human-Factor Meter → quantify workforce risk and training investment needed post-acquisition
- 12-Month Trend → verify target’s cyber posture is improving or degrading
Outcome: Board and CFO receive comprehensive cyber risk profile that informs valuation, identifies integration costs, and surfaces hidden liabilities before deal closure.
Scenario 4: Investor relations & ESG reporting
The challenge: Institutional investors demand ESG disclosures including cybersecurity governance. IR team needs credible metrics and evidence.
The solution:
- Policy-Resonance Meter → demonstrates Green Transition and ESG alignment (G component)
- Competitiveness Exposure Radar → shows Sustainability dimension at 65% (progressive disclosure)
- 12-Month Trend → proves year-over-year improvement in cyber governance
- Human-Factor Meter → demonstrates responsible workforce development
Outcome: Investor-grade ESG cybersecurity disclosure that meets institutional requirements and supports premium valuations.
Scenario 5: Cyber insurance renewal
The challenge: Cyber insurance underwriter requires proof of security controls and incident response capability. CFO needs documentation to negotiate premium reduction.
The solution:
- Change Over Time metrics → prove Detection Latency (2.1 hours) and Recovery Efficiency (0.8 days) meet or exceed industry benchmarks
- Human-Factor Meter → demonstrate staff training and awareness programs reduce human-error risk
- 12-Month Trend → show continuous improvement in security posture
- Competitiveness Exposure Radar → provide comprehensive risk profile across all domains
Outcome: Insurance underwriter receives quantified evidence of reduced risk profile. Board negotiates 15-30% premium reduction with documented proof of operational resilience.
Additional dashboard concepts for future consideration
Based on research into board-level cyber governance, we recommend considering these additional meters for future dashboard development:
1. Third-party risk exposure meter
Visualizes vendor and supply chain cyber risk—increasingly critical under DORA and NIS2 third-party monitoring requirements.
2. Breach cost impact calculator
Quantifies potential financial impact of data breaches in specific business scenarios—essential for board risk discussions and insurance planning.
3. Compliance timeline tracker
Shows upcoming regulatory deadlines and current preparedness status—critical for Hong Kong Cap. 653 (69 days until enforcement) and ongoing DORA/NIS2 requirements.
4. Incident response readiness score
Measures organizational preparedness for cyber incidents across people, process, and technology—addresses board duty of care concerns.
5. Security investment ROI dashboard
Connects cybersecurity spending to risk reduction and business enablement—helps boards justify budgets and optimize resource allocation.
The bottom line for boards
Time-based evidence is the only acceptable proof of governance.
- Your dashboard doesn’t just show you risks—it creates the legal record of your oversight. Every meter reading is timestamped. Every trend is documented. Every action is traceable.
- When regulators ask “What did you know and when did you know it?” your dashboard provides the answer—in minutes, not months.
- This is cyber governance infrastructure for the digital economy.
- We built the Cyber Clock. Now you can see the Cyber Time.
