Best Practice Report

Five Steps To Better Human Risk Management Metrics

Enhance Your Security Awareness, Behavior, And Culture Metrics To Show Value And Reduce Security Friction

 and  four contributors
Oct 08, 2025

Summary

Security leaders struggle to identify and manage meaningful metrics that demonstrate the impact of their human risk management (HRM) program. Instead, they often choose to focus on easy-to-obtain, long-held tactical security awareness, training, and engagement metrics. Identifying meaningful HRM metrics is complicated by the fact that changing behavior and instilling a security culture have been difficult to conceptualize and measure. This report establishes a set of HRM metrics and details a five-step process to operationalize those metrics to improve security culture and demonstrate value.

Log in to continue reading
Client log in
Welcome back. Log in to your account to continue reading this research.
Become a client
Become a client today for these benefits:
  • Stay ahead of changing market and customer dynamics with the latest insights.
  • Partner with expert analysts to make progress on your top initiatives.
  • Get answers from trusted research using Izola, Forrester's genAI tool.
Purchase this report
This report is available for individual purchase ($1495).