Firms at the intermediate phase of cybersecurity and privacy maturity begin to measure everything. With the right metrics in place in areas such policy effectiveness and employee skills development, tech execs can initiate a virtuous circle of perpetual learning and refinement to boost human risk management practices. This report helps tech execs meet the challenges of the intermediate phase and prepare for the advanced phase.