Any risk management should be focused on the addressing it when it manifests.Â
Yes, there are some benefits in calculating ALE for supporting budgeting for procuring particular solution. We just need to be reminded that it's rarely the solution itself, but how effectively it's integrated into the entire defense and protection.
The very essence of cybersecurity is risk management aka disrupting the breach (which presides the risk to actualize fully) when it is detected and denying as many TTPs as possible.