To communicate the risk of data loss to an executive or board level audience, conversations and calculations need to move beyond the likelihood of an incident occurring. CISOs need to effectively assess the potential cost and reputational impact of an incident, in using data and terms in which the board is versant. However, while this ideology is not new, there are many good reasons why little progress has been made to move beyond the rhetoric and establish a usable methodology for evaluating Data Loss Impact.