‹ Back to Act

Risk / detail

ACME Corp

Ransomware

Open Endpoint encryption / extortion
Annual loss expectancy
$1.8M
Loss event frequency
0.4 events/yr
Loss magnitude
$3.2M–$6.1M
Confidence
High

FAIR decomposition

Frequency
0.4 events/yr
×
Magnitude
$3.2M–$6.1M
=
ALE
$1.8M

Privileged-access exposure (f-mfa) is the dominant driver: a single admin compromise lets an operator stage encryption across the estate. Closing the MFA gap is modeled to cut this scenario’s ALE by roughly half.

Top controls

PCI R5CIS 10NIST PR.DS

Driven by

critical
MFA not enforced for privileged cloud access
Close this to cut the ALE →