Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Viewing and Downloading Quantifications

Avatar
Ingrid
Follow
  • June 2, 2023: Removed reference to Event Type.
  • February 10, 2023: Added description of Likeliest Potential Loss Range.
  • May 24, 2022: Published

⇤ Using Financial Quantification

  • Admin and Group Admin may view quantifications by default.
  • View permissions may be enabled for Portfolio Managers and Users.

See view quantification user permissions.

SPM App: menu-dashboards.png Dashboards ➔ Financial Quantification

Select the Reports and Assessments link in the top-right to download the full results as a PDF (Export Page PDF). The user inputs can also be downloaded as a CSV (Export Inputs CSV).

Total Annual Cyber Risk Exposure

This exceedance probability (EP) graph shows the probability of exceeding different damage levels from cyber events.

Example: A point on the graph with an X-value of 10M and a Y-value of 60% can be interpreted as having a 60% probability that the company will exceed damage of 10M from cyber events.

Different parts of the curve can inform and drive strategic decisions. The right side of the curve provides context about the amount of risk to transfer via cyber insurance; the left side can justify improvements in security posture.

The graph includes the following values:

  • Low Exposure = 98% chance of loss exceeding this loss amount.
  • Weighted Average Exposure = The mean across all years.
  • High Exposure = 1% chance of loss exceeding this loss amount.
  • Likeliest Potential Loss Range = 50% chance of the loss amount being within this loss range (25th to 75th percentile).

The graph may also include two optional inputs:

  • Deductible = the company's cyber insurance deductible. Hover over the legend to view the probability of hitting this value.
  • Coverage Limit = the company's cyber insurance coverage limit. Hover over the legend to view the probability of hitting this value.

Business Profile

The quantification model combines information about the organization’s business, technologies used, security posture, threat environment, and a historical financial impact of a wide range of cyber incidents globally.

The inputs can be adjusted to improve the accuracy of the results. See all inputs.

Cyber Risk by Impact Scenario

The quantification results are broken down into the following impact scenarios, which are an aggregation of events based on the type of impact:

Impact Scenario Description Possible Damages
3rd Party Liability Compensation claims against the organization when it’s believed that the organization is responsible for a third party’s damages or losses.
  • Legal defense
  • Settlements
3rd Party Service Provider Failure An outage, degradation, or disruption at the source causing the service to be temporarily unavailable or unreliable — or a malicious attack or event leading to data leakage, data alteration, or interruption of the service.
  • Business Interruption (BI) recovery expenses
  • Lost income
  • Public relations repairment
Business Interruption (BI) Interruption of full operations for a period of time due to a cybersecurity event.
  • BI forensics
  • BI recovery expenses
  • Lost income
  • Public relations repairment
Data Theft & Privacy The act of stealing digital assets stored on computers, servers, or electronic devices with the intent to compromise privacy or obtain confidential information.
  • Data recovery monitoring services
  • Forensics
  • Notifications
  • Public relations repairment
Ransomware & Extortion Campaigns that infiltrate organizations by exploiting unpatched software vulnerabilities that can expose the organization to major data losses or extortion in exchange for the data returned.
  • Extortion payment
  • Extortion recovery expenses
Regulation Compliance The failure to meet specific cybersecurity standards and regulations.
  • Regulatory fines
  • Regulatory legal defense

The exceedance probability (EP) graph in the Cyber Risk by Impact Scenario panel shows the probability of each scenario exceeding a given level of loss exposure. An event can have more than one impact (e.g., malware that both steals data and creates a network outage). An event can be mapped to more than one scenario.

Compare the results across scenarios to determine which situations are driving the most significant potential losses and which are driving losses with higher probability. Try turning impact scenarios on and off with the check boxes at the top of the graph to get a focused view of each scenario.

The detail card for each of the impact scenarios provides more context about the model outputs for each scenario, which includes:

  • The probable maximum loss (right side of the graph).
  • The likelihood of a scenario to occur.
  • How much a scenario contributes to the total loss.
  • It highlights damage types, which are the actual types of expense that would be incurred if the scenario should occur.

Impact Scenario Exposure Summary

This table compares the magnitude of loss exposure across impact scenarios.

Cyber Insights

Each quantification run represents tens of thousands of events.

Select the [Impact Scenario] Cyber Insights button at the bottom of each card to view the scenario details:

  • Event Cause: Attack or service.
  • Duration: The duration of the event.
  • Technologies Impacted: The impacted service.
  • Damage Types: The type of damage associated with the event.

 

 

Related articles