The organization understands the cybersecurity risk to organizational operations (including mission, functions, image or reputation), organizational assets and individuals.