I purchased a book upon a recommendation from a colleague, “How to Measure Anything in Cybersecurity Risk” because of my interest in cybersecurity and the impacts on different IT projects. The idea of how we measure risk or success in business seems so arbitrary to me. I want to understand what the big deal is with assigning a number or a metric to everything and why is it so important? Every business course I’ve taken references financial ratios at some point in the semester and the MIS courses reinforce the importance of KPI’s and SMART objectives. Coincidentally, one of the articles assigned this week was also written by the author of this Cybersecurity book, Douglas Hubbard. After reading the articles assigned for this course so far and the case analysis on Cirque du Soleil, it became apparent to me that it must be accountability. How are IT professionals held accountable? It seems that finding a way to measure the “intangibles” allows companies to measure the value add of IT professionals independently from the necessity and performance of our systems and hardware. It is easy to blame our problems on bad technology but when you start measuring success and risk in IT, you can start holding people accountable. So what are some of the top reasons to hold people accountable in business and more specifically IT?