Key metrics:
MTTD (Mean Time to Detect),
MTTR (Mean Time to Respond/Remediate), patch SLA compliance %, % critical vulns remediated, phishing click rate, alert volume trend.
Metrics drive improvement. MTTD: how fast you detect breaches. MTTR: how fast you respond. Track trends — improving over time matters more than absolute values. Executive reporting: translate technical metrics into business risk language (cost of data breach, regulatory exposure).