Cybersecurity is a prime example of this, with security teams struggling to succinctly demonstrate the ROI from not getting hacked last month or from not losing valuable customer data from the breach that never happened. CISOs can do this by tying security investments to business impacts through a cyber balance sheet. Cyber-risk should be structured and measured beyond mere threats, vulnerabilities, and probability and into the realm of fully assessing the nature and severity of risks; the “materiality” of threats for prioritizing remediation.”]
Source: https://www.darkreading.com/cloud/to-prove-cybersecurity-s-worth-create-a-cyber-balance-sheet