Information security metrics and key performance indicators (KPIs) are measurable values that track the effectiveness of cybersecurity efforts. These values provide insights into the overall organization security posture and also a quantifiable way see how an organization is preventing, detecting, and responding to the security attacks.
Security metrics are not limited to only incident response times, It must include all sub-team efforts of a CISO-team. Every sub-team of CISO team has goals that are aligned with the overall organizational goals. For example SOC2 certified or NIST CSF implementation and ISO certified.
So measuring goals via weekly, monthly and quarterly helps to track the progress and predict the road blocks.