Both security and business leaders struggle to understand to what degree security incidents can impact business continuity, intellectual property, and damage to their reputation. Details of security need to be understood and communicated in the language of business risk. The inability to do so is what we call the “gap of grief.” And this gap stands in the way of being able to answer the critical question when an incident does occur… How bad is it?