The cybersecurity risk calculator asks a series of questions designed to capture the factors that affect the expected losses to your business from cybersecurity incidents. These questions include the size of the business, the IT infrastructure and systems and current cyber defences. The calculator then determines the expect losses from cybersecurity incidents and the return on investment of further defences and mitigations.

The cybersecurity risk calculator fills the gap between general statistics and advice provided by the government agencies, and commercial risk analysis services provided by cybersecurity consultants.

The cybersecurity risk calculator should take 5 minutes of your time. We believe it will be 5 minutes well spent.

In Malaysia the definition of a SME is a business with between 5 and 75 staff and an annual revenue between RM300,000 and RM75,000,000.

This involves modifying the sets of probability distributions that model the success rates of cyber attacks, types and magnitude of damage caused and the resulting financial losses based on the answers to the questions in the calculator. The modified probability distributions are used to generate random cyber attacks and determine the losses caused for one financial year. This process is repeated 50,000 times and the attacks and resulting damages analysed statistically to give the expected losses and return-on-investment associated with implementing further defences and mitigations.

Government agencies can use the calculator to determine the likely effectiveness of cybersecurity policy initiatives just adjusting the underlying probability distributions and running the simulator against a range of different company profiles.