Expected impact

Expected impact answers the question every security leader asks before committing budget: what does this actually get me?

Forest estimates impact by projecting the score change if you close the gap a recommendation addresses. Because scoring is deterministic, this projection is exact, not a forecast. If a capability moves from maturity 2 to its target of 4, FIS recalculates the affected domain score and the headline Forest Score using the same formulas it already uses, and shows you the difference.

Impact reflects criticality and weighting. A compliance-required capability (criticality 3) with a wide gap moves your scores more than a nice-to-have with the same gap, because it carries more weight in the Org Score. Remember that the Forest Score is 50% Org Score, 20% goal alignment, 15% capability coverage, and 15% execution discipline, so a recommendation that closes a coverage gap can lift more than one component at once.

Impact is a recalculation, not a promise about the real world. It tells you what your scores become if the maturity change you describe actually happens.

Use impact to sequence work. Recommendations with high impact and reasonable effort are the obvious early wins. High impact paired with high effort belongs on the roadmap with proper planning.

Impact pairs with effort and confidence to give you the full picture before you decide whether to accept it.