A metric that provides an early signal of rising risk exposure before it turns into an incident.
Key risk indicators are forward-looking measures that warn when a risk is trending in the wrong direction. Examples include a growing number of overdue patches, rising failed-login attempts, or an increasing backlog of access reviews.
While a KPI tells you how well something is performing, a KRI tells you how much danger is building. Tracking both gives leadership a balanced view for management review and risk decisions.
KaitoSec