A hospital's executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?

A. Status of key risk indicators
B. Current business impact levels
C. IT operations gap assessment
D. Cybersecurity risk benchmarks