Although there is more awareness about cybersecurity risks at the board level today, it remains difficult for boards to quantify cybersecurity risks properly. It has proven difficult for organisations to evaluate cybersecurity risks in the same manner as other business risks, thereby inhibiting their ability to make calculated decisions about security control investments. This white paper looks at the ROI of cybersecurity and how it can create real business value.