‹ Back to Act

Risk / detail

ACME Corp

Cloud data exfiltration

Mitigating External — APT
Annual loss expectancy
$1.1M
Loss event frequency
0.3 events/yr
Loss magnitude
$1.9M–$4.4M
Confidence
Medium

FAIR decomposition

Frequency
0.3 events/yr
×
Magnitude
$1.9M–$4.4M
=
ALE
$1.1M

The unencrypted legacy store (f-phi) raises both the probability of a reportable exfiltration and its magnitude. Encryption + KMS migration moves this from Open to Mitigating.

Top controls

NIST PR.DSFedRAMP SC-7

Driven by

critical
Unencrypted patient data in a legacy datastore
Close this to cut the ALE →