I came across a great page from Microsoft that will help you assess your security risk.
Fill out the form with a dollar value for each of the options you choose and it will help you see how each of these breaches of security cost your company lost revenue. (If your not sure of the $ value, Microsoft has some examples for each of the items and their associated costs.)
The threat risk assessment covers the following;
If patching your server fleet is difficult to get approved through your change approval board, for lack of adequate roll back in case of an issue with a deployed update, SnaPatch can help. SnaPatch will take a snapshot of your virtual servers (Vmware of HyperV) and only if the snapshot is successful, will it then allow your existing System Centre Configuration Manager (SCCM) to deploy updates to those servers. If the snapshot isnt successful, then no updates are deployed. The whole process is automated with email updates during the snapshot and deployment. Find out more @ Smikar Software