Approximately how many metrics are typical at the board level?

Boards need a concise, navigable view of the organization’s risk posture. Presenting a moderate number of metrics allows coverage of the major risk areas while keeping the discussion focused on actions. Approximately 30–35 metrics at the board level gives enough breadth to reflect governance, risk, and compliance across domains—such as strategic risk, cyber risk, third-party risk, data privacy, regulatory status, incident trends, control effectiveness, remediation progress, and resilience indicators—without overwhelming with detail. This setup supports trend analysis and alignment with risk appetite, thresholds, and targets to enable timely governance decisions. Too few metrics would omit important risk areas, while too many would create cognitive overload and obscure key issues.