Recognizing the complexity of cyber attacks and the multi-stakeholder nature of tackling cyber security are the key components of a new data-driven cyber security system currently being developed. The aim is to support organizations of all sizes in maintaining adequate levels of cyber security through a semi-automatic, regularly updated, organization-tailored security assessment of their digital infrastructures.