Executives overseeing cyber security need to understand how to translate technical risk to business risk and what the business impact will be if a threat is realized