You either measure and know, or it's just your subjective opinion

Cyber security as a goal is meaningless without measurement.

Cyber Risk Quant

Intelligent strategy for cyber risk management

Cyber risk is about navigating possibility and harm in the complex world of networked technology. Knowing what to do in which circumstances, deciding when and how to spend budget on prevention, and when to accept risks without mitigation are strategic questions.

Intelligent strategy for cyber risk management