The best value that should be assessed when evaluating the work of an information asset to an organization is replacement cost. While the risk of loss of data and the income of an organization is important, when a breach occurs, there will be an immediate effect that needs to be mitigated. Depending on the breach, it could cost millions of dollars to repair and further halts the possibility of generating income to mediate it. However, both replacement cost and lost revenue should still accounted for within a framework, even if they will fluctuate depending on the organization and how finances are focused. 

The likelihood value of a vulnerability that no longer requires consideration will be low but never zero. Any assets that exist within an organization have the potential to be exploited in some way. This means that while there may be little reason to consider it, the risk of it being exploited will always exist, and that possibility is something to look over. Acceptable risk is a part of any organization but needs to still be accounted for.

https://facilio.com/blog/replacement-asset-value/

https://www.pratum.com/blog/443-risk-assessment-likelihood-impact