A laptop is lost ~10 times a year, but each loss has only a 1% chance of leading to a data leak. An insider attempt happens 0.1× per year with a 25% chance of success. Which is the bigger Loss Event Frequency?
Laptop loss: 10 × 1% = 0.1 incidents/year. Malicious insider: 0.1 × 25% = 0.025 incidents/year. The mundane laptop loss has 4× the frequency of the dramatic insider scenario.
The example shows how FAIR's Threat Event Frequency × Vulnerability works for two scenarios both leading to "confidential info exposed to unauthorised people":
| Laptop loss | Malicious insider | |
|---|---|---|
| Annual occurrence (TEF) | 10 | 0.1 |
| Vulnerability (chance an event becomes an incident) | 1% | 25% |
| Loss Event Frequency | 0.1 / year | 0.025 / year |
The lesson: Threats don't get prioritised by drama, they get prioritised by frequency × success-rate. Cheap, high-volume threats often outrank scary low-volume ones. Encrypting laptop disks (cuts the 1% to ~0%) pays back faster than insider monitoring (which barely moves the 0.025 number).
Tip: This is a key reason FAIR + Monte-Carlo simulations are so persuasive: they expose where intuition mismatches arithmetic.