‹ Back to Act

Risk / detail

ACME Corp

Third-party breach

Monitoring Supply chain
Annual loss expectancy
$310K
Loss event frequency
0.6 events/yr
Loss magnitude
$0.3M–$0.9M
Confidence
Low

FAIR decomposition

Frequency
0.6 events/yr
×
Magnitude
$0.3M–$0.9M
=
ALE
$310K

Vendor risk is broadly monitored; residual ALE reflects concentration in two SaaS processors that touch customer data. No open finding drives this scenario today.

Top controls

NIST ID.SCSOC 2 CC9