It’s critical to know what your organization is trying to achieve and how success is measured if you are going to meaningfully contribute to cyber risk management decisions.
This week’s task is to identify your organization’s three to five most important key mission metrics. What are the metrics your company uses to determine if it is successful? If it is meeting its mission? If its performance is improving or degrading?
Note: The term key performance indicator (KPI) is often used, and you may want to ask for KPIs. I prefer the term key mission metric because it is more descriptive of the goal. You are looking for metrics that will indicate if the organization is making progress on achieving its key missions.
Ideally your organization’s executive management would have clearly identified and made known the key mission metrics. If this is the case, this week’s task is simple. If this isn’t the case, you need to do some digging.
One key mission metric is typically a financial metric: profit, annual recurring revenue, stock price, market share, etc. Some of these are better than others. Remember you are trying to learn the key mission metrics, not influence them. Ask a lot of questions and listen.
Other common examples of key mission metrics are:
- Operations metrics such as outages with customer impact, meeting production schedules
- Human safety, related to your employees / contractors, customers, and the community
- Customer satisfaction, customer retention, market share, shelf space
_________
List three to five of your company’s key mission metrics and where each key mission metric is available.
Key Mission Metric 1:
Source:
Key Mission Metric 2:
Source:
Key Mission Metric 3:
