On May 23, 2018, RISCS held a workshop in London that looked at the utility of cyber security metrics. The purpose of the workshop was to develop a deeper understanding of the ways in which cyber security metrics are used in decision-making more generally, and also to raise questions about how data is best presented to the board and the policy community more specifically. We wanted to explore the potential for metrics to help but we also want to take a critical approach to the underlying values that can shape metrics – and consequently, decisions. Download the report here (opens pdf).