Do you stay cool when you read headlines about ransomware such as WannaCry and Petya or does it worry you? In the first case, you have your IT under control, evaluated the risks in an assessment and took some measures. In the second case, it is probably about time to address the issue. The next step in both cases is a cyber security assessment. This is why:
Are the risks known and documented?