Glossary

Key Risk Indicators (KRIs)

Metrics providing early warning of increasing risks before they materialise.

Key Risk Indicators (KRIs) are forward-looking metrics designed to signal increasing risk exposure before incidents occur. Unlike KPIs, which measure past performance, KRIs act as early warning systems by tracking conditions that correlate with elevated risk, such as a rising number of failed login attempts, an increase in overdue patches, or growing employee turnover in critical security roles.

Effective KRI programmes establish thresholds that trigger escalation and response procedures when breached. By integrating KRIs into risk dashboards, organisations can shift from reactive to proactive risk management, enabling timely intervention and better-informed decisions during management reviews and risk committee meetings.
