More and more companies are becoming victims of cyber-attacks and most of these attacks are the result of a ransomware infection. Currently, there are few organizations that perform a quantitative analysis of cyber risks, allowing them to calculate their impact in monetary terms. In this paper, we propose a model with a quantitative approach, so that organizations can express in financial terms the potential impact of a ransomware attack. The proposed model was implemented in a process of a Peruvian company in the financial sector, with which an optimization of 32.2% in cybersecurity investment was achieved.