- June 2, 2023: Removed reference to Event Type.
- February 10, 2023: Added description of Likeliest Potential Loss Range.
- May 24, 2022: Published
- Admin and Group Admin may view quantifications by default.
- View permissions may be enabled for Portfolio Managers and Users.
- Total Annual Cyber Risk Exposure
- Business Profile
- Cyber Risk by Impact Scenario
- Impact Scenario Exposure Summary
- Cyber Insights
Total Annual Cyber Risk Exposure
This exceedance probability (EP) graph shows the probability of exceeding different damage levels from cyber events.
Example: A point on the graph with an X-value of 10M and a Y-value of 60% can be interpreted as having a 60% probability that the company will exceed damage of 10M from cyber events.
Different parts of the curve can inform and drive strategic decisions. The right side of the curve provides context about the amount of risk to transfer via cyber insurance; the left side can justify improvements in security posture.
The graph includes the following values:
- Low Exposure = 98% chance of loss exceeding this loss amount.
- Weighted Average Exposure = The mean across all years.
- High Exposure = 1% chance of loss exceeding this loss amount.
- Likeliest Potential Loss Range = 50% chance of the loss amount being within this loss range (25th to 75th percentile).
The graph may also include two optional inputs:
- Deductible = the company's cyber insurance deductible. Hover over the legend to view the probability of hitting this value.
- Coverage Limit = the company's cyber insurance coverage limit. Hover over the legend to view the probability of hitting this value.
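The values listed above can be reproduced from any set of simulated annual losses. The following is an added example, not the product's quantification model: the lognormal sample losses, the function names, and the reading of "probability of hitting" a deductible or limit as the probability of exceeding it are assumptions.

```python
import random

def simulate_annual_losses(years=20000, seed=7):
    """Constructed sample data: one lognormal loss per simulated year."""
    rng = random.Random(seed)
    return [rng.lognormvariate(14.0, 1.5) for _ in range(years)]

def exceedance_probability(losses, amount):
    """Y-value of the EP curve: share of simulated years with loss > amount."""
    return sum(1 for x in losses if x > amount) / len(losses)

def loss_at_exceedance(losses, prob):
    """X-value of the EP curve: loss amount exceeded in `prob` of the years."""
    ordered = sorted(losses)
    n = len(ordered)
    k = round(prob * n)  # number of years that must exceed the returned amount
    return ordered[max(0, n - k - 1)]

def summarize(losses, deductible=None, limit=None):
    """The four graph values, plus the two optional insurance inputs."""
    if not losses:
        raise ValueError("need at least one simulated year")
    out = {
        "low_exposure": loss_at_exceedance(losses, 0.98),
        "weighted_average": sum(losses) / len(losses),
        "high_exposure": loss_at_exceedance(losses, 0.01),
        # 25th to 75th percentile = exceeded in 75% and 25% of the years
        "likeliest_range": (loss_at_exceedance(losses, 0.75),
                            loss_at_exceedance(losses, 0.25)),
    }
    # Assumption: "probability of hitting" is read as P(annual loss > value).
    if deductible is not None:
        out["p_exceed_deductible"] = exceedance_probability(losses, deductible)
    if limit is not None:
        out["p_exceed_limit"] = exceedance_probability(losses, limit)
    return out

if __name__ == "__main__":
    stats = summarize(simulate_annual_losses(), deductible=250_000, limit=10_000_000)
    for name, value in stats.items():
        print(f"{name:>20}: {value}")
```
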
The quantification model combines information about the organization’s business, technologies used, security posture, and threat environment with the historical financial impact of a wide range of cyber incidents globally.
The inputs can be adjusted to improve the accuracy of the results. See all inputs.
Cyber Risk by Impact Scenario
The quantification results are broken down into the following impact scenarios, which are an aggregation of events based on the type of impact:
| Impact Scenario | Description | Possible Damages |
|---|---|---|
| 3rd Party Liability | Compensation claims against the organization when it’s believed that the organization is responsible for a third party’s damages or losses. | |
| 3rd Party Service Provider Failure | An outage, degradation, or disruption at the source causing the service to be temporarily unavailable or unreliable, or a malicious attack or event leading to data leakage, data alteration, or interruption of the service. | |
| Business Interruption (BI) | Interruption of full operations for a period of time due to a cybersecurity event. | |
| Data Theft & Privacy | The act of stealing digital assets stored on computers, servers, or electronic devices with the intent to compromise privacy or obtain confidential information. | |
| Ransomware & Extortion | Campaigns that infiltrate organizations by exploiting unpatched software vulnerabilities, which can expose the organization to major data losses or to extortion in exchange for the return of the data. | |
| Regulation Compliance | The failure to meet specific cybersecurity standards and regulations. | |
The exceedance probability (EP) graph in the Cyber Risk by Impact Scenario panel shows the probability of each scenario exceeding a given level of loss exposure. An event can have more than one impact (e.g., malware that both steals data and creates a network outage). An event can be mapped to more than one scenario.
Compare the results across scenarios to determine which situations are driving the most significant potential losses and which are driving losses with higher probability. Try turning impact scenarios on and off with the check boxes at the top of the graph to get a focused view of each scenario.
The detail card for each impact scenario provides more context about the model outputs for that scenario, including:
- The probable maximum loss (right side of the graph).
- The likelihood of the scenario occurring.
- How much the scenario contributes to the total loss.
- The damage types, which are the actual types of expense that would be incurred if the scenario should occur.
Impact Scenario Exposure Summary
This table compares the magnitude of loss exposure across impact scenarios.
Each quantification run represents tens of thousands of events.
Select the [Impact Scenario] Cyber Insights button at the bottom of each card to view the scenario details:
- Event Cause: Attack or service.
- Duration: The duration of the event.
- Technologies Impacted: The impacted service.
- Damage Types: The type of damage associated with the event.