Which cybersecurity metrics do you currently use with your board?

We use a combination of CSMA, BitSight, and milestones on our 3-year Cyber Maturity roadmap. Most metrics/benchmarks are merely a yardstick, and what's important is that your organization matures at a steady pace.

None at all.
Just talking about risk values and their progress (up - down) and costs.

Business Unit Contributions: All indicators are provided by individual business units, highlighting varying levels of cybersecurity maturity across the organization. This comparative view serves as a guide for prioritizing remediation efforts.

• External Threats: Overview of threats related to our external environment.

For each threat, the dashboard includes readiness indicators for:
    • Protection
    • Response
    • Recovery

• Internal Key Risk Indicators (KRIs):
    • Vulnerabilities
    • Endpoint protection (servers, workstations, and network)
    • Database security
    • Third-party risk
    • System hardening
    • Patch Management 

• Business-Critical Application Vulnerabilities
• Cultural Risk: Human factor and security awareness
• Penetration Test Results
• NIST Framework Adherence
• External Risk Score: Based on SecurityScorecard
• Critical and High Severity Incidents
• Cybersecurity Strategic Plan: Execution status and results
• Audit Findings and Outcomes

We focus on rolled up risks, phishing, vulnerability management and program risks. We try to reduce noise as much as possible, but they do creep in as board security awareness and desire for the right level of metrics is being baselined. 

I suggest to look into the Gartner ODMs (Outcome-driven metrics) for Cybersecurity. We have adapted these 16 metrics, and one of the benefits is that it is possible to communicate them in an meaningful way for top management.
Other benefits are that they come as a pre-defined framework and that you can get benchmarks that at least in our case answers the the first question from leadership: How are others doing?