But as a more general metric (for custom block-cipher) can the security measured with the impact of a bit change in the input to every bit of the output?
Trivially no. If the block cipher's round function is linear, then no number of rounds will make inverting it any more difficult.
You also didn't describe whether you're talking about Confusion, Diffusion, or both.
Confusion defines a relationship between the key and the ciphertext: each bit of the ciphertext is dependent on many bits of the key, so that if any bit of the key is changed approximately 50% of the bits of the ciphertext will change.
Diffusion defines a relationship between the plaintext and the ciphertext: each bit in the ciphertext is dependent on many bits of the plaintext, so that if any bit of the plaintext is changed approximately 50% of the bits of the ciphertext will change.
Both are necessary, but not sufficient, for security. When combined with a non-linear round function you might get a decent block cipher, but even then it's possible for information to leak resulting in insecurity.
Also, block ciphers on their own are only at best IND-CPA secure (the weakest form of security) if exactly one block is encrypted with any given key. More blocks being encrypted means that any two identical plaintext blocks will have identical ciphertext, which is a break in the indistinguishability. To be IND-CPA secure a mode of operation like CTR mode (turning it into a stream cipher) or CBC mode (chaining ciphertext blocks) is required. But even that isn't "secure", since an attacker can alter the ciphertext and cause a victim to decrypt to get incorrect plaintext, so an Authenticated Encryption mode is needed for proper IND-CCA3 security. That'd be something like GCM, SIV, GCM-SIV, or OCB mode. And even that has some caveats, since such modes require a "nonce" (Number used ONCE) that eliminates (GCM, OCB) or reduces (GCM-SIV, SIV) security if re-used.