- December 8, 2023: Updated to reflect model and UI changes.
- June 2, 2023: Removed reference to Event Type.
- February 10, 2023: Added description of Likeliest Potential Loss Range.
- Admin and Group Admin may view quantifications by default.
- View permissions may be enabled for Portfolio Managers and Users.
Once a quantification is complete, you can review it from the Financial Quantification page. This page includes the following panels:
- Peer Exposure Comparison
- Likeliest Potential Loss Range
- Probability of 1+ Events Per Year
- Cyber Loss Exposure
- Business Profile
- Cyber Risk by Impact Scenario - Single Loss Exposure
- Cyber Risk by Impact Scenario - Annualized Loss Exposure
Use the All Analyses button to open the Previous Analysis sheet and review previous quantifications run for a company.
Peer Exposure Comparison
This panel compares the total annualized risk of the company to its peers. Total annualized risk measures the potential financial impact expected from cyber incidents over a simulated year. It is calculated by estimating the expected loss for each scenario and multiplying that by its frequency, then summing these values across all scenarios. Comparing the company’s total annualized risk to that of peer companies provides insight into how it fares in terms of managing cyber risk.
Your company can have an annualized risk that is better than, similar to, or worse than the median annualized risk of your peer group.
This information is useful for decision-making around investments in cybersecurity measures and insurance coverage. If your total annualized risk is higher than that of your peers, it may indicate that you need to invest more in cybersecurity measures to mitigate the risk. If your total annualized risk is lower, you may be able to reduce your insurance coverage or allocate resources to other areas.
Likeliest Potential Loss Range
This panel reports the range of the most probable expected loss the company will face from a single loss event. It incorporates all risk scenarios from the 25th to the 75th percentile probabilities.
Use this information to inform decision-making and risk-management strategies, such as determining the appropriate level of cyber insurance coverage to purchase or prioritizing investments in cybersecurity controls and mitigation measures.
Probability of 1+ Events Per Year
The probability that the organization will experience at least one loss event within the following year, regardless of its severity.
Understanding this probability can help you:
- Estimate the likelihood of reporting a data breach or cyber incident to stakeholders or regulators.
- Inform risk management strategies and help prioritize resources for incident response planning.
- Evaluate the adequacy of disaster recovery and business continuity planning to ensure that the company can continue to operate in the event of a cyber incident.
Cyber Loss Exposure
This graph includes an exceedance probability (EP) curve that shows the probability of exceeding different damage levels from cyber events. It aggregates all the different scenarios and their probabilities to provide a holistic view of the organization's overall risk exposure.
For example, a point on the curve with an X-value of 10M and a Y-value of 60% should be interpreted as a 60% probability that the company will exceed damage of 10M from a cyber event.
The graph reports the following statistics:
- Low Exposure: 99% probability that the company will exceed damage of $XM from a single cyber event.
- Average Exposure: The average cost incurred over a simulated year (including the probability-weighted impact of extreme events). Used in long-term cost forecasting or insurance valuation calculations.
- High Exposure: 1% probability that the company will exceed damage of $XM from a single cyber event. This is used to assess against the company’s appetite for risk, or to compare against other business risks to identify where additional support may be required.
You can use this graph to:
- Determine the appropriate level of insurance coverage.
- Evaluate the cost-effectiveness of different risk mitigation strategies.
- Communicate risk information to the board and other stakeholders to build support for security initiatives and drive investment in risk management efforts.
This panel includes the Business Profile inputs provided during quantification setup and the date that the quantification was run.
Inputs can be adjusted between quantifications. See all inputs.
Cyber Risk by Impact Scenario - Single Loss Exposure
This panel displays a graph that estimates:
- The probability of a loss occurring due to each impact scenario in the next twelve months.
- The likeliest loss exposure range for each impact scenario.
- The company’s likeliest loss exposure range.
- The company’s maximum possible loss.
An impact scenario is an aggregation of events based on the type of impact they have. Events can have more than one impact (e.g., malware that both steals data and creates a network outage) and can be mapped to more than one scenario.
|3rd Party Service Provider Failure
|An outage, degradation, or disruption at the source causing the service to be temporarily unavailable or unreliable — or a malicious attack or event leading to data leakage, data alteration, or interruption of the service.
|Business Interruption (BI)
|Interruption of full operations for a period of time due to a cybersecurity event.
|Data Theft & Privacy
|The act of stealing digital assets stored on computers, servers, or electronic devices with the intent to compromise privacy or obtain confidential information.
|Ransomware & Extortion
|Campaigns that infiltrate organizations by exploiting unpatched software vulnerabilities that can expose the organization to major data losses or extortion in exchange for the data returned.
|The failure to meet specific cybersecurity standards and regulations.
Cyber Risk by Impact Scenario - Annualized Loss Exposure
This panel displays a graph that compares your Annualized Loss Exposure (ALE) your representative peer group.
ALE takes into account the frequency and size of loss events occurring and the size of loss for each impact scenario by simulating thousands of potential years in a Monte Carlo simulation. The metrics from this analysis estimate your exposure within a given year for each impact scenario and allow you to compare scenarios with different likelihoods of occurring. For each scenario, the key metrics are:
- Average Exposure: The mean of all simulated years of loss.
- High Exposure: The loss amount that the company has a 1% probability of exceeding in a given year.
- Peer Group Average and High Exposure: The same metrics for your representative peer group.