5 KPI & Metrics for a Security Agency: What Should We Track?
Security Agency
You're choosing which metrics matter: track incident detection accuracy, mean time to verified intervention, PSOC utilization (monitored sites per certified specialist), recurring revenue ratio, and customer churn/contract retention. These five KPIs map directly to revenue, COGS, EBITDA and cash breakeven (breakeven occurred in year 2 in the model).
#
KPI Metric
Description
1
Incident Detection Accuracy Rate
Percent of detected anomalies confirmed as true incidents; reduces false alarms and improves intervention efficiency.
2
Mean Time to Verified Intervention
Average time from alert to confirmed intervention, indicating responsiveness and liability reduction.
3
PSOC Utilization Rate
Monitored sites per certified specialist; measures operational leverage and staffing efficiency.
4
Recurring Revenue Ratio
Share of revenue from subscriptions; signals predictability and valuation improvement.
5
Customer Churn and Contract Retention
Percentage renewing at three-year term; impacts lifetime value and growth sustainability.
Key Takeaways
Track incident detection accuracy against onboarding baselines weekly
Measure mean time to verified intervention per site
Report monthly PSOC utilization and staffing gap forecast
Monitor monthly net cash burn versus minimum cash
What Are The 5 Must-Track KPIs?
You're scaling a security agency-track five KPIs that tell you if operations, revenue, and contracts are healthy and keeping cash runway intact. Focus on incident detection accuracy rate, mean time to verified intervention, subscription revenue growth (MoM and YoY), PSOC utilization rate, and customer churn rate for three-year contracts; these link directly to recurring revenue ratio and gross margin drivers. Check these alongside operating cost lines in What Operating Costs Does a Security Agency Incur? so finance and ops act on the same dashboard. Read on for quick, actionable tracking items.
Core KPIs
Incident detection accuracy - true positives vs baseline
Mean time to verified intervention - alert to confirmed response
Subscription revenue growth - MoM and YoY
PSOC utilization - monitored sites per certified specialist
What Numbers Tell You If You're Actually Making Money?
You need four clear financial checks to know if the security agency is profitable - read on to see which ones matter and how they tie to ops metrics like PSOC KPIs and recurring revenue ratio. See How to Start a Security Agency? for setup context and revenue model links.
Give a header name
Gross margin: after COGS including PSOC labor and cloud processing
EBITDA trajectory: since launch showing loss then positive profitability
Cash runway: measured vs minimum cash requirement and monthly burn
Revenue mix: recurring revenue percentage (incl onboarding & analytics) and hardware resale margin vs provisioning cost
Which KPI Predicts Cash Flow Problems Early?
Monthly net cash burn compared to the minimum cash threshold is the earliest flag for cash flow stress, so watch it before hiring or capex. Also track delayed onboarding revenues versus projected subscription start dates, accounts receivable days outstanding, and variability in rapid-response deployment fees to see timing gaps. For PSOC KPIs and cash runway and minimum cash threshold context, compare these metrics to your subscription start schedules and contract milestones and read What Operating Costs Does a Security Agency Incur?.
Early-warning cash KPIs
Monthly net cash burn vs minimum cash threshold
Delayed onboarding revenue vs projected start
Accounts receivable days outstanding
Rapid-response deployment fee variability
Which KPI Shows If Marketing Is Paying Off?
You're testing channels - measure marketing with five focused KPIs so you can see which leads turn into long, profitable subscriptions and fix the funnel fast; read How to Start a Security Agency? for setup steps. Track customer acquisition cost (security services) including retainer spend, conversion rate of sales-qualified leads to three-year contracts, average deal size split by PSOC service versus onboarding and hardware, payback period on sales commissions versus first-year subscription revenue, and the percentage of leads from insurance broker partnerships.
Give a header name
Measure CAC including marketing retainer spend
Track SQL-to-three-year-contract conversion rate
Compare PSOC service deal size vs onboarding/hardware
Calculate payback period on sales commissions
What KPI Do Most New Owners Ignore Until It's Too Late?
You're often watching revenue and incident detection accuracy, but you can miss cost levers that break cash flow-keep reading to catch them early and protect PSOC margins. The true cost of third-party rapid-response fees and sensor maintenance quietly inflates COGS and lowers gross margin security services. Watch PSOC specialist training hours per monitored site and contractual exposure on three-year subscriptions for early warning signs. See operational payoffs and owner earnings context here: How Much Does a Security Agency Business Owner Earn?
Give a header name
True rapid-response fees: embed in COGS, track per dispatch
Sensor maintenance cost: tie to hardware provisioning inventory
PSOC cert & training hours: measure per monitored site to cut labor %
Contract exposure: monitor three-year contract early terminations
What Are 5 Core KPIs Should Track?
KPI 1: Incident Detection Accuracy Rate
Definition
Incident Detection Accuracy Rate measures the share of flagged anomalies that are confirmed true incidents. It shows whether your monitoring and behavioral models correctly identify real threats versus false alarms, and directly ties to faster verified interventions and lower false-alarm costs.
Advantages
Reduces response cost by cutting false alarms and rapid-response fees
Improves PSOC value proposition vs. 24/7 physical guarding
Strengthens insurance conversations by quantifying risk reduction
Disadvantages
Can hide coverage gaps if detection scope is narrow
Improper baselines lead to misleading improvements
High initial false-positive rates raise operational costs
Industry Benchmarks
Benchmarks vary by site type: simple perimeter sites often target 80-90% true-positive rates, complex industrial sites target lower early-stage accuracy but improve over months as models train. Use site-specific baselines from onboarding and track improvement toward those targets; this matters because accuracy drives verified intervention speed and cost savings tied to a claimed 35-50% reduction in total security expenditure.
How To Improve
Train behavioral models with 90-180 days of site-specific data
Implement human-in-the-loop triage to reduce false positives fast
Adjust sensor placement and rules after quarterly review
How To Calculate
Incident Detection Accuracy Rate = (Number of true positive incidents confirmed ÷ Total anomalies detected) × 100%
Compare accuracy to site baseline set during onboarding
Report monthly and show trend vs. PSOC utilization and MTTV
Tag incidents by type to prioritize model improvements
Link accuracy gains to reduced rapid-response spend and churn
KPI 2: Mean Time to Verified Intervention
Definition
Mean Time to Verified Intervention is the average time from an anomalous alert to confirmed intervention or resolution, including PSOC analyst triage and any third-party rapid-response dispatch. It measures how quickly the security agency converts an alert into a verified outcome and directly ties to liability, insurance value, and customer SLAs.
Advantages
Shows operational speed and reduces liability exposure
Drives insurance partner value via measurable risk reduction
Guides staffing and PSOC utilization planning
Disadvantages
Can be skewed by outlier incidents or false positives
Requires accurate time-stamping across PSOC and dispatch vendors
Hard to compare across sites without perimeter complexity normalization
Industry Benchmarks
Benchmarks vary by site complexity: for simple perimeter sites expect SLAs measured in minutes, for dense industrial perimeters expect SLAs in tens of minutes. Benchmarks matter because targets must be set per customer to reflect perimeter density and risk profile, and because insurers price reductions based on verified intervention speed.
How To Improve
Automate triage to cut analyst decision time
Pre-contract rapid-response vendors with SLA windows
Use edge filtering to reduce false positives and wasted dispatches
How To Calculate
Mean Time to Verified Intervention = Total time from alert to verified intervention for all incidents / Number of verified interventions
Example of Calculation
Mean Time to Verified Intervention = (300s + 600s + 120s) / 3 = 340s
Tips and Trics
Timestamp alerts, triage start, and verification in one unified log
Segment MTTV by site type and report monthly to spot regressions
Link MTTV to false alarm reduction rate and PSOC utilization
Use MTTV reductions to negotiate insurance referrals and pricing
KPI 3: PSOC Utilization Rate
Definition
PSOC Utilization Rate measures the average number of monitored sites per certified PSOC (Physical Security Operations Center) specialist. It shows operational leverage: higher utilization lowers PSOC labor as a percent of revenue and supports subscription growth without linear headcount increases.
Advantages
Improves gross margin by reducing PSOC labor percentage
Supports capacity planning for hiring and capex around growth milestones
Demonstrates scalability to investors via recurring revenue ratio gains
Disadvantages
Can mask quality drops if analyst workload cuts triage accuracy
Varies widely by site complexity, so cross-customer averages mislead
Improvement may require upfront capex in automation or training
Industry Benchmarks
Benchmarks depend on service model and site complexity; use site-specific baselines established during onboarding and compare over time. Track against business milestones such as achieving breakeven in year 2 and rising recurring revenue ratio as utilization improves.
How To Improve
Automate routine triage to free analyst time
Standardize site classes so staffing matches complexity
Increase certification and cross-training to reduce single points
Segment utilization by site class (low/medium/high complexity)
Link utilization trends to incident detection accuracy and MTTV
Model hiring so utilization stays within target ranges per growth plan
Audit automation ROI quarterly - defintely retire low-value manual tasks
KPI 4: Recurring Revenue Ratio
Definition
Recurring Revenue Ratio measures the share of total revenue that comes from ongoing subscription PSOC service contracts versus one-time onboarding, hardware resale, or ad-hoc fees. It shows how much of your revenue is predictable and tied to multi-year contracts like three-year subscriptions and tracks progress toward the modelled breakeven in year 2.
Advantages
Increases revenue predictability for cash planning and investor talks
Lowers dependency on one-time onboarding and hardware resale income
Improves valuation metrics like IRR when the ratio rises
Disadvantages
Can mask low gross margins if subscriptions are underpriced
Depends on contract enforcement - early terminations cut ratio quickly
Overstates stability if churn on three-year contracts is high
Industry Benchmarks
For subscription-based security monitoring, strong operators typically aim for a recurring revenue share above 60-80% once hardware onboarding tails off; models that hit breakeven by year 2 generally show recurring revenue ratios rising each quarter. Benchmarks matter because higher ratios directly reduce monthly cash burn and improve runway against the Minimum Cash threshold.
How To Improve
Price more services into subscription bundles, not as add-ons
Incentivize multi-year signups and stagger onboarding to smooth cash
Reduce PSOC labor COGS via automation to raise subscription margins
How To Calculate
Recurring Revenue Ratio = Subscription Revenue / Total Revenue
Example of Calculation
Recurring Revenue Ratio = $400,000 / $500,000 = 80%
Tips and Trics
Report monthly to catch onboarding revenue delays early
Show recurring ratio with gross margin to avoid false security
Track ratio by cohort to spot declining contract quality
Use ratio trends when forecasting cash runway and capex timing
KPI 5: Customer Churn and Contract Retention
Definition
Customer Churn and Contract Retention measures the percentage of customers who renew at the end of the three-year subscription term. It shows how well the security agency keeps clients, which directly affects lifetime value, payback on sales spend, and claims about 35-50% reduction in total security costs.
Advantages
Stabilizes projected recurring revenue for years 2-5
Improves payback period calculations on customer acquisition cost
Supports retention-linked pricing and customer-success bonuses
Disadvantages
Hides short-term onboarding failures if only measured at year 3
Can be distorted by large-contract churn or one big customer loss
Requires accurate contract start/end tracking to be meaningful
Industry Benchmarks
For subscription security monitoring, multi-year retention expectations typically exceed annual SaaS benchmarks because contracts run three-year. Benchmarks matter when validating claims like the 35-50% reduction in total security expenditure; higher retention strengthens those claims and improves valuation metrics such as IRR.
How To Improve
Align customer-success KPIs and bonuses to three-year renewals
Reduce false alarms to lower operating pain and increase satisfaction
Embed analytics and insurance reporting to raise switching costs
How To Calculate
Customer Churn and Contract Retention = (Number of customers who renewed at end of 3-year term ÷ Number of customers at start of 3-year term) × 100%
Track five core KPIs: incident detection accuracy, mean time to verified intervention, PSOC utilization, recurring revenue ratio, and churn Use revenues and EBITDA trends to validate performance, for example REVENUE 1Y and EBITDA 1Y Monitor against Minimum Cash and breakeven timing to spot issues early
Report monthly to capture operational shifts and quarterly for strategic review Monthly reports should include revenue and EBITDA snapshots such as REVENUE 1Y and EBITDA 2Y Quarterly reviews align with capex spend and hiring decisions
Target depends on site complexity set customer-specific SLAs and benchmark improvements Use PSOC utilization and intervention metrics to show progress Compare outcomes to claims reduction objectives when working with insurance brokers
Yes direct oversight by a finance or operations lead is required to interpret trends One Finance Manager is budgeted, and PSOC labor is a defined COGS line Combine specialist input with automated dashboards for scalable analysis
KPIs drive revenues, COGS, and cash outcomes influencing EBITDA and IRR Use REVENUE 2Y and EBITDA 3Y as checkpoints Monitor Minimum Cash month and breakeven year to validate model assumptions
