Justify security spend or build a business case
Reduce spent and increase risk reduction
Comply with NIS 2 requirements on risk management
