In any field work, safety is the most important thing. Yet, we cannot totally eliminate the likelihood of fatality no matter which types of organization. What we can do is to demonstrate that there is safety system, culture, management committment, user education, pre-work assessment to reduce the likelihood.
Likewise, there no 100% cyber secure business. Do not introduce unnecessary controls or else more chance of human error, technology failure that all these will impact the business outcome rather adding protection.
Think also the likelihood of exploit from physical aspect rather than just drill down in the cyber aspect. The best strategy is to ensure resilience to resume business operation because there are too many threats in the wild that we don’t know. We can only protect what we know and that is worth to protect.