Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information.
[1][2] Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.
[3] The goal of information security is to ensure the confidentiality, integrity and availability (CIA) of assets from various threats.
For example, a hacker might attack a system in order to steal credit card numbers by exploiting a vulnerability.
If a hacker makes a copy of all a company's credit card numbers it does not cost them anything directly but the loss in fines and reputation can be enormous.