Learn more about available risk scenarios in Cyber Risk Quantification.
A risk scenario uses a specific combination of attack techniques, attack outcomes,
and business resources to describe how a cyber threat can impact your organization.
Scenario names follow the convention: attack outcome of business resource via attack
technique. Components that do not apply to a given scenario are not displayed in the
name.
For each enabled scenario, Cyber Risk Quantification analyzes the likelihood of occurrence
and estimates the potential financial loss. The calculation also considers your organization's
attack and threat detection history, connected data sources, peer data from similar
industries and regions, global threat intelligence, and business self-assessment data.
Results are presented as a predicted likelihood range and sets of estimated monetary
losses. A confidence level reflecting the completeness of available data is included.
The following table provides descriptions of some available risk scenarios.
|
Risk scenario
|
Description
|
|
Ransomware with data encryption
|
Threat actors access your organization's data and encrypt it, blocking access until
your organization pays a ransom.
|
|
Ransomware with data encryption via phishing
|
Threat actors access your organization's data through phishing techniques and encrypt
it, blocking access until your organization pays a ransom.
|
|
Ransomware with data exfiltration
|
Threat actors access your organization's data, transfer it to external systems, and
then encrypt it, blocking access or threatening publication until your organization
pays a ransom.
|
|
Data exfiltration
|
Threat actors access your organization's data and transfer it to external systems.
|
|
Data exfiltration via phishing
|
Threat actors access your organization's data through phishing techniques and transfer
it to external systems.
|
|
Data exfiltration of PII
|
Threat actors gain access to personally identifiable information (PII) in your organization
and transfer it to external systems.
|
|
Data exfiltration of PHI
|
Threat actors gain access to protected health information (PHI) in your organization
and transfer it to external systems.
|
|
Data exfiltration of PCI
|
Threat actors gain access to payment card industry (PCI) data in your organization
and transfer it to external systems.
|
|
Data exfiltration of sensitive information
|
Threat actors gain access to sensitive or valuable data in your organization and transfer
it to external systems.
|
|
Data leakage
|
Sensitive or valuable data in your organization's network is exposed due to misconfigurations,
employee error, or inadequate data handling practices.
|
|
Financial fraud via BEC
|
Threat actors fraudulently receive money, financial assets, or sensitive financial
information from your organization by using compromised or spoofed email accounts
to impersonate trusted individuals.
|
|
Financial fraud via phishing
|
Threat actors fraudulently receive money, financial assets, or sensitive financial
information from your organization through phishing techniques, including the use
of fraudulent emails, text messages, or websites.
|
|
Business interruption via DDoS attack
|
Threat actors flood your organization's servers, services, or networks with internet
traffic to disrupt business activity.
|
|
Business interruption via wiper attack
|
Threat actor malware permanently erases or corrupts data in your organization's information
systems to disrupt business activity.
|
|
Business interruption via malicious data corruption
|
Threat actors intentionally target and corrupt or alter specific data in your organization
to disrupt business activity.
|
|
Business interruption via system outage
|
IT infrastructure, services, or systems in your organization experience an unplanned
interruption in availability due to a cyberattack, hardware or software failure or
misconfiguration, power disruption, or human error.
|