Technical Debt: Dave Ramsey, where are you?

So now the question becomes, how do we measure our “security debt” when performing an audit? Because we really need to realize that our debt will be paid by our partners and our customers. It is commonly skipped over that the penalty for not securing our systems, sadly, is never paid by the people who chose not to secure the systems.