Refers what they are achieving through their attack on our organization.

The main concept here is recognizing the end result an attacker is aiming for—the outcome of their attack. This concept focuses on what the attacker ultimately wants to accomplish or the effect they intend to produce on your organization.

The best fit is the term that directly names that end state. If an attacker is successful, the outcome is the result of their actions—such as stolen data, compromised systems, or disrupted services. Metrics, on the other hand, are measurements we use to gauge performance or progress, not what the attacker is trying to achieve. A monitoring control is a defensive mechanism to observe activity or enforce policies, not the attack’s goal. A baseline is the normal or expected state used for comparison, not the attacker’s intended result.

For example, if the attacker’s aim is to exfiltrate sensitive information, the outcome is data theft. If their aim is to take the service offline, the outcome is service disruption.