Cybersecurity risk assessment: Does Your Company Need It?