The reflex answer is “cost.”
But saying “cost” alone is an oversimplification.
Breached or ransomed companies pay inordinate sums to restore their data, restore their business operations, and restore their reputation. They pay the cost in loss of business, pay for the interruptions in their operations, and potentially pay for loss of customers, loss of IP, and loss of money either pilfered or paid in ransom. Unfortunately, in many such cases for the smaller business, at its worst it can become a desperate act of survival.
A lack of cyber resilience typically stems from leadership not understanding the risks, not believing it could happen to them, and thus not appreciating the value of mitigating such risk
Cybersecurity is a fluid battle requiring knowledge, investment and vigilance for success.
The bottom line: Understand the environment, understand what’s at risk, and budget to effectively mitigate against it.