CISOs need to be able to speak to risks in a way that executives, other departments, clients, and team members will understand. Having a risk system in place, while by no means a complete way to quantify cyber spend, is a good place to start. Every cyber professional will start with a standard framework and tweak certain variables for his or her own needs. For example, your Wi-Fi probably has a low impact on your business, but what if someone was able to get a hold of your intellectual property?
Source: https://www.csoonline.com/article/3223209/cyber-risk-systems-how-to-get-them-to-get-it.html