Loss Variables Definitions

Updated on 20 Mar 2024
5 Minutes to read

Print
Dark

Light

Article summary

Did you find this summary helpful?

Thank you for your feedback

Overview

The ThreatConnect^® Risk Quantifier (RQ) platform uses loss variables in some of its financial and probability calculations. Default values for these variables are provided, but users with the appropriate permissions may modify these values. This article provides definitions for the loss types listed on the Loss Variables tab of the Model Tuning screen within the settings for a Legal Entity.

Before You Start

Minimum Role(s)	RQ Pro Read Only for viewing loss variables RQ Pro Editor, RQ Pro Administrator, or RQ Enterprise Administrator for editing loss variables
Prerequisites	None

PHI Data Breach

Table 1 defines the loss types for the personal health information (PHI) data breach attack type.

Loss Type	Definition
GDPR Fines (%)	The percentage of global revenue you would expect to be fined due to General Data Protection Regulation (GDPR) violations
HIPAA Fines ($)	The amount you would expect to be fined for losing PHI data
Legal Impact ($)	The legal costs (settlement and legal fees) associated with a cyber event
Per Record Flat Fees ($) – Between 100M and 500M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of between 100 million and 500 million records
Per Record Flat Fees ($) – Between 10M and 30M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of between 10 million and 30 million records
Per Record Flat Fees ($) – Between 30M and 100M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of between 30 million and 100 million records
Per Record Flat Fees ($) – Greater than 500M	The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of greater than 500 million records
Per Record Flat Fees ($) – Less than 10M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of fewer than 10 million records
Remediation Cost ($)	The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

PCI Data Breach

Table 2 defines the loss types for the Payment Card Industry (PCI) data breach attack type.

Loss Type	Definition
GDPR Fines (%)	The percentage of global revenue you would expect to be fined due to GDPR violations
Legal Impact ($)	The legal costs (settlement and legal fees) associated with a cyber event
PCI Fines ($)	The amount you would expect to be fined due to Payment Card Industry Data Security Standard (PCI DSS) violations
Per Record Flat Fees ($) – Between 100M and 500M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of between 100 million and 500 million records
Per Record Flat Fees ($) – Between 10M and 30M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of between 10 million and 30 million records
Per Record Flat Fees ($) – Between 30M and 100M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of between 30 million and 100 million records
Per Record Flat Fees ($) – Greater than 500M	The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of greater than 500 million records
Per Record Flat Fees ($) – Less than 10M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of fewer than 10 million records
Remediation Cost ($)	The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

PII Data Breach

Table 3 defines the loss types for the personally identifiable information (PII) data breach attack type.

Loss Type	Definition
GDPR Fines (%)	The percentage of global revenue you would expect to be fined due to GDPR violations
Legal Impact ($)	The legal costs (settlement and legal fees) associated with a cyber event
Per Record Flat Fees ($) – Between 100M and 500M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of between 100 million and 500 million records
Per Record Flat Fees ($) – Between 10M and 30M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of between 10 million and 30 million records
Per Record Flat Fees ($) – Between 30M and 100M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of between 30 million and 100 million records
Per Record Flat Fees ($) – Greater than 500M	The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of greater than 500 million records
Per Record Flat Fees ($) – Less than 10M Records	The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of fewer than 10 million records
Remediation Cost ($)	The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

DDoS

Table 4 defines the loss types for the distributed denial-of-service (DDoS) data breach attack type.

Loss Type	Definition
Business Interruption Cost Per Hour ($)	The amount that an hour of downtime due to a DDoS attack would cost
Legal Impact ($)	The legal costs (settlement and legal fees) associated with a cyber event
Revenue Cost hours	The number of hours you would expect an outage caused by a DDoS attack to last

Ransomware

Table 5 defines the loss types for the ransomware data breach attack type.

Loss Type	Definition
Legal Impact ($)	The legal costs (settlement and legal fees) associated with a cyber event
Ransom Cost ($)	The amount you would expect to pay in extortion, or ransom fees, due to a ransomware attack
Remediation Cost ($)	The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality
Revenue Cost hours	The number of hours you would expect an outage caused by a ransomware attack to last

Wiper

Table 6 defines the loss types for the wiper data breach attack type.

Loss Type	Definition
Legal Impact ($)	The legal costs (settlement and legal fees) associated with a cyber event
Remediation Cost ($)	The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality
Revenue Cost hours	The number of hours you would expect an outage caused by a wiper attack to last

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.

20134-01 v.01.B

Was this article helpful?

What's Next

ThreatConnect Risk Quantifier User Roles and Permissions

Table of contents

Overview
Before You Start
PHI Data Breach
PCI Data Breach
PII Data Breach
DDoS
Ransomware
Wiper