Event Risk Exposurebeta

Single-event Monte Carlo with multi-target controls and treatments. Compare baseline vs treated; see cost-benefit per treatment. The model edits below + the Run button is the full surface today — PDF export and the Knowledge Base methodology guide land in the next sprint slice.

Risk event

Causes

2 causes contributing to event likelihood (any-of aggregation).

CauseLikelihoodTargeted by
Phishing of staff credentialsTRI 5% – 15% – 30%1 control · 1 treatment
Malicious insider exfiltrationBand 2 · Unlikely (30%)1 control · 1 treatment

Impacts

2 impact dimensions contributing to event consequence (sum aggregation).

ImpactConsequenceTargeted by
Regulatory fines and penaltiesTRI $200,000 – $800,000 – $2,500,0001 control · 0 treatments
Reputational damage and churnPERT $100,000 – $500,000 – $3,000,0001 control · 1 treatment

Existing controls

2 existing controls applied to the baseline simulation. Each control can reduce likelihood AND/OR consequence across multiple targets.

ControlTypeApplies toReduces
MFA enforcement on all SSO accountsPreventive
Phishing of staff credentialsMalicious insider exfiltration
L: 40%
Documented incident response runbookCorrective
Regulatory fines and penaltiesReputational damage and churn
C: 20%

Additional treatments

2 treatments applied on top of existing controls in the treated simulation. Each carries a cost — the engine returns per-treatment ROI on the results panel.

TreatmentTypeApplies toReducesCost
Comprehensive cyber training program (annual)Preventive
Phishing of staff credentialsReputational damage and churn
L: 25% · C: 10%$180,000
DLP tooling rolloutPreventive
Malicious insider exfiltration
L: 35%$240,000

Simulation

10 000 is enough to stabilise headline numbers on a model of this size. Bigger runs tighten the cost-benefit marginal estimates.