Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches.