Risk Register
FAIR-quantified cyber risk portfolio
The Problem
Cyber risks in insurance companies are often assessed qualitatively — "high", "medium", "low". That's not enough. An underwriter needs to know: How much does it cost in the worst case? And: How likely is it?
The Solution: FAIR Model
FAIR (Factor Analysis of Information Risk) is the only internationally recognized standard model for financially quantifying cyber risk. It answers two questions:
Loss Event Frequency (LEF)
How often per year?
0.3x/year = 30% probability of an incident this year.
Primary Loss (PL)
What does a single incident cost?
€1M to €13.5M depending on scenario. Most likely: €3.4M.
Monte Carlo Simulation
We simulate 10,000 possible scenarios for each risk. The result:
VaR 95%: €9.3M
Meaning: In 19 out of 20 years, losses won't exceed this.
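The simulation step can be sketched as follows. This is an added example, not the code behind this page: it uses the LEF and primary-loss figures quoted above for a single risk and computes a 95% VaR from 10,000 simulated years. The Poisson frequency model, the PERT loss distribution, and all function names are assumptions, since the page does not state which distributions it uses, so the output is not expected to reproduce the €9.3M figure.

```python
import math
import random

# Parameters taken from the page; the distribution choices are assumptions.
LEF = 0.3                                        # loss events per year
PL_MIN, PL_MODE, PL_MAX = 1.0e6, 3.4e6, 13.5e6   # primary loss in EUR
TRIALS = 10_000


def sample_event_count(rng, lef):
    """Poisson-distributed number of loss events in one year (Knuth's method)."""
    threshold, count, product = math.exp(-lef), 0, rng.random()
    while product > threshold:
        count += 1
        product *= rng.random()
    return count


def sample_primary_loss(rng, low, mode, high):
    """One loss magnitude from a PERT (scaled beta) distribution."""
    span = high - low
    alpha = 1 + 4 * (mode - low) / span
    beta = 1 + 4 * (high - mode) / span
    return low + span * rng.betavariate(alpha, beta)


def simulate_annual_losses(seed=1, trials=TRIALS):
    """Return one simulated total loss per year, sorted ascending."""
    rng = random.Random(seed)  # fixed seed so a run can be reproduced and reviewed
    losses = []
    for _ in range(trials):
        events = sample_event_count(rng, LEF)
        losses.append(sum(sample_primary_loss(rng, PL_MIN, PL_MODE, PL_MAX)
                          for _ in range(events)))
    return sorted(losses)


def value_at_risk(sorted_losses, level=0.95):
    """Loss that is not exceeded in `level` of the simulated years."""
    index = min(len(sorted_losses) - 1, math.ceil(level * len(sorted_losses)) - 1)
    return sorted_losses[index]


if __name__ == "__main__":
    losses = simulate_annual_losses()
    quiet = sum(1 for x in losses if x == 0) / len(losses)
    print(f"years without a loss event: {quiet:.1%}")
    print(f"mean annual loss:           EUR {sum(losses) / len(losses):,.0f}")
    print(f"VaR 95%:                    EUR {value_at_risk(losses):,.0f}")
```

Most simulated years carry no loss at all, which is why the 95% VaR sits far above the mean annual loss: the tail is driven by the minority of years with one or more events.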
What you see on this page
4 perspectives on the same risk portfolio:
- Executive — Heatmap + Top 5 risks + financial KPIs
- Underwriter — Table with trigger, VaR, control status
- Risk Engineer — FAIR parameters (LEF, PL, SL) per risk
- CISO — KPIs: critical risks, overdue reviews, control gaps