Understanding the risk an organisation is exposed to enables them to manage their risk appropriately, put the right security controls in place which when properly monitored reduces their risk and finally helps in achieving a high level of regulatory compliance and brings them a step closer in achieving accreditations such as ISO27001 or aligning themselves to other security frameworks such as SCF, NIST etc.