Annual Loss Expectancy

Annual Loss Expectancy (ALE)

Annual Loss Expectancy (ALE) is the number you show leadership when "we should probably fix that" isn't persuasive enough. It is cyber risk explained in the boardroom as a dollar amount: when someone asks how bad a breach could get, it's risk math that ends in dollars instead of shrugs. The IBM Cost of a Data Breach Report 2024 gives us the hard data to back it up.

The ALE Formula: Security Spending in One Equation

ALE = ARO × SLE

This formula comes from quantitative risk analysis methodologies outlined in NIST SP 800-30 and formalized by the FAIR (Factor Analysis of Information Risk) framework:

ALE = ARO × SLE
The foundational equation for quantitative cyber risk analysis

ARO (Annualized Rate of Occurrence): 0.3/yr
SLE (Single Loss Expectancy): $4.88M
ALE (Annual Loss Expectancy): 0.3/yr × $4.88M = $1.46M/yr

If your control costs less than the ALE it reduces, it pays for itself.
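
The break-even rule above, worked through with the page's ARO of 0.3/yr and SLE of $4.88M. This is an added example, not part of the original page; the three candidate controls, their annual costs and their reduction factors are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Control:
    name: str              # hypothetical control label
    annual_cost: Decimal   # yearly cost of the control, USD
    aro_factor: Decimal    # multiplier applied to ARO (1 = no effect)
    sle_factor: Decimal    # multiplier applied to SLE (1 = no effect)

def ale(aro: Decimal, sle: Decimal) -> Decimal:
    """ALE = ARO x SLE; both inputs must be non-negative."""
    if aro < 0 or sle < 0:
        raise ValueError("ARO and SLE must be non-negative")
    return aro * sle

def evaluate(aro: Decimal, sle: Decimal, control: Control) -> dict:
    """Compare the ALE a control removes with what the control costs per year."""
    for factor in (control.aro_factor, control.sle_factor):
        if not 0 <= factor <= 1:
            raise ValueError("reduction factors must be between 0 and 1")
    baseline = ale(aro, sle)
    residual = ale(aro * control.aro_factor, sle * control.sle_factor)
    reduction = baseline - residual
    return {"name": control.name, "residual_ale": residual,
            "ale_reduction": reduction,
            "net_benefit": reduction - control.annual_cost,
            "pays_for_itself": control.annual_cost < reduction}

def rank(aro: Decimal, sle: Decimal, controls: list) -> list:
    """Order candidate controls by net annual benefit, best first."""
    return sorted((evaluate(aro, sle, c) for c in controls),
                  key=lambda r: r["net_benefit"], reverse=True)

ARO = Decimal("0.3")        # from the page: 0.3 incidents per year
SLE = Decimal("4880000")    # from the page: $4.88M per incident

# Constructed candidates: names, costs and factors are illustrative only.
CANDIDATES = [
    Control("DLP suite", Decimal("400000"), Decimal("0.9"), Decimal("1")),
    Control("MFA rollout", Decimal("200000"), Decimal("0.5"), Decimal("1")),
    Control("Offline backups", Decimal("150000"), Decimal("1"), Decimal("0.8")),
]

if __name__ == "__main__":
    print(f"baseline ALE: ${ale(ARO, SLE):,.0f}/yr")
    for r in rank(ARO, SLE, CANDIDATES):
        print(f"{r['name']:<16} net ${r['net_benefit']:>10,.0f}/yr  pays: {r['pays_for_itself']}")
```

A control that trims ARO by only 10% removes $146,400 of ALE per year, so at a $400,000 annual cost it fails the rule even though it reduces risk.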