Cyber Threat Risk Score Calculator

ANALife Services AuthorityNational Calculator Authority›Cyber Threat Risk Score Calculator

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

Cyber Threat Risk Score Calculator

Calculate a quantitative cyber threat risk score based on threat likelihood, asset impact, vulnerability severity, and control effectiveness using the NIST-aligned risk formula.

Threat Likelihood (1–10)

Probability that a threat will exploit a vulnerability (1 = very unlikely, 10 = near certain)

Asset Impact (1–10)

Business impact if the threat is realized (1 = negligible, 10 = catastrophic)

Vulnerability Severity (1–10)

CVSS-style severity of the exploitable weakness (1 = minimal, 10 = critical)

Control Effectiveness (0–100%)

How effective existing security controls are at mitigating the threat (0% = no controls, 100% = fully mitigated)

Exposure Window (hours/week, 1–168)

Hours per week the asset is exposed to the threat vector (168 = always on)

Calculate Risk Score

function cybCalc() { // --- Grab inputs --- var L = parseFloat(document.getElementById('cyb-likelihood').value); var I = parseFloat(document.getElementById('cyb-impact').value); var V = parseFloat(document.getElementById('cyb-vulnerability').value); var CE = parseFloat(document.getElementById('cyb-control').value); var EW = parseFloat(document.getElementById('cyb-exposure').value);

var resultDiv = document.getElementById('cyb-result'); var breakdownDiv = document.getElementById('cyb-breakdown');

// --- Validation --- var errors = []; if (isNaN(L) || L 10) errors.push("Threat Likelihood must be between 1 and 10."); if (isNaN(I) || I 10) errors.push("Asset Impact must be between 1 and 10."); if (isNaN(V) || V 10) errors.push("Vulnerability Severity must be between 1 and 10."); if (isNaN(CE) || CE 100) errors.push("Control Effectiveness must be between 0 and 100."); if (isNaN(EW) || EW 168) errors.push("Exposure Window must be between 1 and 168 hours.");

if (errors.length > 0) { resultDiv.style.display = 'block'; resultDiv.className = 'calc-result calc-error'; resultDiv.innerHTML = 'Input Errors:' + errors.map(function(e){ return ''; }).join('') + ''; breakdownDiv.style.display = 'none'; return; }

// --- Core Formula --- // Residual Likelihood = L * (V / 10) * (1 - CE/100) // Exposure Factor = EW / 168 // Raw Risk Score = Residual Likelihood * I * Exposure Factor // Normalized Score = (Raw Risk Score / 10) * 100 → scale 0–100

var residualLikelihood = L * (V / 10) * (1 - CE / 100); var exposureFactor = EW / 168; var rawRisk = residualLikelihood * I * exposureFactor; var normalizedScore = (rawRisk / 10) * 100;

// Clamp to 0–100 normalizedScore = Math.min(100, Math.max(0, normalizedScore));

// --- Risk Rating --- var rating, ratingColor, advice; if (normalizedScore >= 75) { rating = "Critical"; ratingColor = "#c0392b"; advice = "Immediate remediation required. Escalate to CISO. Implement emergency controls."; } else if (normalizedScore >= 50) { rating = "High"; ratingColor = "#e67e22"; advice = "Prioritize within current sprint. Patch vulnerabilities and strengthen controls within 30 days."; } else if (normalizedScore >= 25) { rating = "Medium"; ratingColor = "#f1c40f"; advice = "Schedule remediation within 90 days. Review control effectiveness and reduce exposure window."; } else if (normalizedScore >= 10) { rating = "Low"; ratingColor = "#27ae60"; advice = "Monitor and review quarterly. Maintain existing controls."; } else { rating = "Minimal"; ratingColor = "#2980b9"; advice = "Risk is well-controlled. Continue standard monitoring cadence."; }

// --- Annualized Risk Estimate (qualitative) --- // Annualized Loss Expectancy proxy: assume impact unit = $10,000 per point // ALE = (EW/168) * 52 * L/10 * (V/10) * (1 - CE/100) * (I * 10000) var aleProxy = (EW / 168) * 52 * (L / 10) * (V / 10) * (1 - CE / 100) * (I * 10000);

// --- Display Result --- resultDiv.style.display = 'block'; resultDiv.className = 'calc-result'; resultDiv.innerHTML = 'Cyber Threat Risk Score' + '' + normalizedScore.toFixed(1) + ' / 100' + '' + '' + rating + ' Risk' + '' + '' + advice + '';

// --- Breakdown Table --- breakdownDiv.style.display = 'block'; breakdownDiv.innerHTML = '' + '' + 'Component' + 'Value' + '' + 'Threat Likelihood (L)' + '' + L.toFixed(1) + ' / 10' + 'Asset Impact (I)' + '' + I.toFixed(1) + ' / 10' + 'Vulnerability Severity (V)' + '' + V.toFixed(1) + ' / 10' + 'Control Effectiveness (CE)' + '' + CE.toFixed(0) + '%' + 'Exposure Window (EW)' + '' + EW.toFixed(0) + ' hrs/wk (' + (exposureFactor * 100).toFixed(1) + '%)' + 'Residual Likelihood' + '' + residualLikelihood.toFixed(3) + '' + 'Raw Risk Score' + '' + rawRisk.toFixed(3) + '' + 'Normalized Risk Score' + '' + normalizedScore.toFixed(1) + ' / 100' + 'Annualized Risk Proxy (ALE)' + '~$' + aleProxy.toLocaleString('en-US', {maximumFractionDigits:0}) + '' + ''; }

#### Formula

Step 1 — Residual Likelihood: RL = L × (V / 10) × (1 − CE / 100)

Step 2 — Exposure Factor: EF = EW / 168

Step 3 — Raw Risk Score: RawRisk = RL × I × EF

Step 4 — Normalized Risk Score (0–100): Score = (RawRisk / 10) × 100

Step 5 — Annualized Loss Expectancy Proxy: ALE = (EW/168) × 52 × (L/10) × (V/10) × (1 − CE/100) × (I × $10,000)

Where: L = Threat Likelihood, I = Asset Impact, V = Vulnerability Severity, CE = Control Effectiveness (%), EW = Exposure Window (hrs/week).

#### Assumptions & References

More Calculators

Read Next

Study Time Planner Authority Network America › Life Services Authority › National Calculator Authority .calc-container { max-width: 640px;...

References

Related Authorities

Life Services Authority › Professional Services Authority › Trade Services Authority › United States Authority ›