Loss Variables Definitions
  • 20 Mar 2024
  • 5 Minutes to read
  • Dark
    Light

Loss Variables Definitions

  • Dark
    Light

Article summary

Overview

The ThreatConnect® Risk Quantifier (RQ) platform uses loss variables in some of its financial and probability calculations. Default values for these variables are provided, but users with the appropriate permissions may modify these values. This article provides definitions for the loss types listed on the Loss Variables tab of the Model Tuning screen within the settings for a Legal Entity.

Before You Start

Minimum Role(s)
  • RQ Pro Read Only for viewing loss variables
  • RQ Pro Editor, RQ Pro Administrator, or RQ Enterprise Administrator for editing loss variables
PrerequisitesNone

PHI Data Breach

Table 1 defines the loss types for the personal health information (PHI) data breach attack type.

 

Loss TypeDefinition

GDPR Fines (%)

The percentage of global revenue you would expect to be fined due to General Data Protection Regulation (GDPR) violations

HIPAA Fines ($)

The amount you would expect to be fined for losing PHI data

Legal Impact ($)

The legal costs (settlement and legal fees) associated with a cyber event

Per Record Flat Fees ($) – Between 100M and 500M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of between 100 million and 500 million records

Per Record Flat Fees ($) – Between 10M and 30M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of between 10 million and 30 million records

Per Record Flat Fees ($) – Between 30M and 100M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of between 30 million and 100 million records

Per Record Flat Fees ($) – Greater than 500M

The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of greater than 500 million records

Per Record Flat Fees ($) – Less than 10M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PHI records for a loss of fewer than 10 million records

Remediation Cost ($)

The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

PCI Data Breach

Table 2 defines the loss types for the Payment Card Industry (PCI) data breach attack type.

 

Loss TypeDefinition

GDPR Fines (%)

The percentage of global revenue you would expect to be fined due to GDPR violations

Legal Impact ($)

The legal costs (settlement and legal fees) associated with a cyber event

PCI Fines ($)

The amount you would expect to be fined due to Payment Card Industry Data Security Standard (PCI DSS) violations

Per Record Flat Fees ($) – Between 100M and 500M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of between 100 million and 500 million records

Per Record Flat Fees ($) – Between 10M and 30M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of between 10 million and 30 million records

Per Record Flat Fees ($) – Between 30M and 100M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of between 30 million and 100 million records

Per Record Flat Fees ($) – Greater than 500M

The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of greater than 500 million records

Per Record Flat Fees ($) – Less than 10M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PCI records for a loss of fewer than 10 million records

Remediation Cost ($)

The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

PII Data Breach

Table 3 defines the loss types for the personally identifiable information (PII) data breach attack type.

 

Loss TypeDefinition

GDPR Fines (%)

The percentage of global revenue you would expect to be fined due to GDPR violations

Legal Impact ($)

The legal costs (settlement and legal fees) associated with a cyber event

Per Record Flat Fees ($) – Between 100M and 500M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of between 100 million and 500 million records

Per Record Flat Fees ($) – Between 10M and 30M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of between 10 million and 30 million records

Per Record Flat Fees ($) – Between 30M and 100M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of between 30 million and 100 million records

Per Record Flat Fees ($) – Greater than 500M

The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of greater than 500 million records

Per Record Flat Fees ($) – Less than 10M Records

The costs associated with notification, PR, and other non-categorized losses due to losing PII records for a loss of fewer than 10 million records

Remediation Cost ($)

The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

DDoS

Table 4 defines the loss types for the distributed denial-of-service (DDoS) data breach attack type.

 

Loss TypeDefinition

Business Interruption Cost Per Hour ($)

The amount that an hour of downtime due to a DDoS attack would cost

Legal Impact ($)

The legal costs (settlement and legal fees) associated with a cyber event

Revenue Cost hours

The number of hours you would expect an outage caused by a DDoS attack to last

Ransomware

Table 5 defines the loss types for the ransomware data breach attack type.

 

Loss TypeDefinition

Legal Impact ($)

The legal costs (settlement and legal fees) associated with a cyber event

Ransom Cost ($)

The amount you would expect to pay in extortion, or ransom fees, due to a ransomware attack

Remediation Cost ($)

The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

Revenue Cost hours

The number of hours you would expect an outage caused by a ransomware attack to last

Wiper

Table 6 defines the loss types for the wiper data breach attack type.

 

Loss TypeDefinition

Legal Impact ($)

The legal costs (settlement and legal fees) associated with a cyber event

Remediation Cost ($)

The amount you would expect to pay to remediate, or clean up, the breach in order to restore service to pre-breach functionality

Revenue Cost hours

The number of hours you would expect an outage caused by a wiper attack to last


ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20134-01 v.01.B


Was this article helpful?