An indicative estimate of your annual cyber loss exposure
— built on FAIR, run in your browser, ready in 60 seconds.
Self-assess your organisation and choose a cyber scenario. The engine runs 10,000 Monte Carlo iterations using pre-calibrated PERT distributions derived from Cyentia IRIS, Verizon DBIR, IBM Cost of a Data Breach and OAIC Notifiable Data Breaches — and returns an indicative Annualised Loss Expectancy with a full loss exceedance curve.
Calculations run locally in your browser. No inputs are transmitted or stored.
Read the curve left-to-right: the further right a point sits, the larger the potential loss; the vertical axis shows how likely it is to be exceeded in any given year.
Same scenario and organisation profile, modelled at Tier 2 (typical APRA-regulated peer) and Tier 4 (leading peer). The gap between your bar and the others is the value at stake in the maturity uplift conversation.
This snapshot uses pre-baked PERT distributions derived from public sources (Cyentia IRIS, Verizon DBIR, IBM Cost of a Data Breach, OAIC Notifiable Data Breaches) and a coarse NIST CSF Implementation Tier adjustment on vulnerability. It is deliberately simple.
It is not calibrated to your specific environment, control landscape, threat exposure, third-party risk posture, or APRA CPS 230 / CPS 234 obligations. It does not replace SME elicitation, it does not run the full Razata control efficacy model, and its outputs are not suitable for board reporting or regulatory submission.
For a board-grade quantification, the paid Razata CRQ engine runs 100,000 simulations across multi-scenario portfolios with SME-calibrated inputs, full control efficacy modelling, and mapping to APRA CPS 230 / CPS 234, NCA ECC-2:2024, SAMA CSF, and SOCI Act obligations.
Ready for the calibrated version, or have questions about the snapshot? Reach out and we'll route your enquiry to the right team.