- Source: FAIR model + control evidence pack
- Confidence: Model-based, source-linked (P10–P90)
- Freshness: Reviewed before export · 6 days old
Sample Proof Pack · illustrative
Inspect the artifact before you engage.
This is a redacted, illustrative Proof Pack built from an anonymized design-partner scenario. Every figure is a decision-support estimate with method, source, confidence, and freshness shown — and a blocked-claim ledger that travels with the artifact.
Proof Pack — illustrative
Portco [REDACTED] · Manufacturing
EBITDA at risk (base)
$2.4M
P10 $1.6M · Base $2.4M · P90 $3.5M — ~5.7% of a $42.0M EBITDA pool.
Top driver
Unpatched external attack surface → ransomware exposure. Remediation $180K → ~$2.2M EBITDA recovered (12× ROI).
- Source: Identity provider export (Okta)
- Confidence: Automated — API verified
- Freshness: Current · 1 day old

- Source: Scanner export (Wiz / Tenable)
- Confidence: Assisted — analyst reviewed
- Freshness: Current · 3 days old

- Source: Cost estimate + exposure delta
- Confidence: Decision-support estimate
- Freshness: Recomputed on evidence change
FAIR factors & assumptions (visible, challengeable)
| Factor | Assumption | Source |
|---|---|---|
| Loss event frequency | 0.35 events/yr (ransomware via external surface) | Scanner + threat baseline |
| Primary loss magnitude | $3.1M (IR, downtime, rebuild) | Sector incident data |
| Secondary loss magnitude | $3.4M (regulatory, churn, legal) | Sector incident data |
| Control modifier | MFA 58% → frequency uplift | Okta export (API-verified) |
| Simulation | 10,000 Monte Carlo runs | FAIR engine |
Remediation economics
| Item | Value |
|---|---|
| Remediation cost | $180K |
| EBITDA-at-risk removed (base) | $2.2M |
| EBITDA recovered per dollar | 12× |
| Exposure after fix (base) | $0.2M |
| Confidence band | P10 $1.6M · P90 $3.5M |
What the board sees (board-brief excerpt)
“Cyber exposure at Portco [REDACTED] is estimated at $2.4M of EBITDA at risk (P10 $1.6M / P90 $3.5M), ~5.7% of the EBITDA pool, driven primarily by an unpatched external attack surface and sub-60% MFA coverage. The recommended fix costs $180K and removes ~$2.2M of exposure — a 12× return. Method: FAIR-aligned Monte Carlo, 10,000 runs; every figure traces to a source system with freshness shown.”
Blocked-claim ledger — travels with the artifact
- BLOCKED — “SOC 2 Type II attested”: no current evidence. Will not publish until source is provided.
- BLOCKED — Third-party data-processor coverage: evidence stale (> 90 days). Requires owner refresh.
Illustrative sample from an anonymized design-partner scenario — not representative of any named firm. All figures are decision-support estimates (FAIR-aligned Monte Carlo), not actuarial, legal, or investment advice.
Next step
Want this built on your own evidence?
The design-partner engagement produces a real Proof Pack — an EBITDA bridge, board brief, or control-evidence package — you can use internally.