Recall measures how complete a system's catching is: of all the real events that actually happened, what fraction did it detect. Formally it is true positives divided by true positives plus false negatives — the events caught over all the events that occurred. A recall of 0.8 means the system caught eight of every ten real events and missed two. It answers the question that matters for security: "of the things I needed to see, how many did this system actually flag?"
Recall is the other half of accuracy, inseparable from precision. Pushing recall up — by alerting on anything remotely suspicious — catches more real events but also raises false positives, lowering precision; tightening to avoid false alarms raises precision but misses more real events, lowering recall. This is why a single accuracy figure is misleading: the honest statement is a precision/recall pair measured under the real scene, lighting, and tuning.
The pitfall is chasing recall without counting the cost. Recall of nearly 1.0 is easy if you accept a flood of false alarms — alert on everything and you miss nothing, but you bury operators and trigger alert fatigue, so the true events drown anyway. The right operating point depends on the cost of a miss versus a false alarm: lean to high recall where missing an event is unacceptable (perimeter intrusion, weapon detection), and accept more false positives there, managed by human verification. Recall is a conditions-dependent range, never 100% in practice.
