# For three years, I reported a metric I was proud of. Mean time to detect: und...
Canonical: https://social-archive.org/tgroenwals/mWzJJhSPEa
Original URL: https://www.linkedin.com/posts/salasadrian_ciso-securityleadership-cybersecurity-share-7467151596318285824-0hCh/
Author: Adrian S.
Platform: linkedin
## Content
For three years, I reported a metric I was proud of. Mean time to detect: under four hours. Trending down every quarter. Better than industry average.

Then a board member asked a question I wasn't ready for. "What does that mean for the business?"

I gave him the context. The benchmarks. The trend line. He nodded and moved on.

After the meeting, a peer told me what he'd said on the way out. "I still don't know if we're safe."

I had answered a different question than the one he was asking. He wasn't asking about detection speed. He was asking about exposure — what it costs if something goes wrong.

Mean time to detect is not a board metric. It measures how quickly we find a problem. The board needs to know what happens to the business if we find it four hours in versus four minutes in. That is a different number.

I rebuilt the entire reporting framework after that conversation. Not because the metrics were wrong. Because they were answering a question nobody in that room was actually asking.

The three metrics a board actually cares about: risk as financial exposure, not percentage improvement. Recovery capacity, not recovery time. Program resilience, not program activity.

Tomorrow: the specific metrics that translate — and the ones that don't, with a before/after translation table.

📄 The Board Doesn't Care About Your Metrics: https://lnkd.in/gFphR8tz

📧 Thursday 5:30 PM CST (Central Standard Time): The Fast CISO (Chief Information Security Officer) Issue #21 — Security Metrics Translation Framework, including a complete board-ready metrics mapping worksheet. Subscribe: https://lnkd.in/gKv_jyAy

When you present security metrics to your board, what's the most common reaction?

A) They engage and ask follow-up questions
B) They nod and move on — I'm not sure they understood
C) They ask me to simplify — "what does this actually mean?"
D) They've stopped asking about metrics and started asking about outcomes

#CISO #SecurityLeadership #CyberSecurity #BoardCommunication
