-Aggregate, enterprise-wide cyber risk as represented by self-insurance cost
-Overall cybersecurity capabilities
-Specific regulator-mandated areas for mitigation
-The enterprise cybersecurity risk stack and where the organization sits currently
-The expected risk reduction valuation of as-proposed initiatives, projects, proposed budgets and/or changes in the cybersecurity portfolio