Sara, a security analyst, is trying to prove to management what costs they could incur if their customer
database was breached. This database contains 250 records with PII. Studies show that the cost per record for
a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of
the following is the ALE that Sara should report to management for a security breach?
SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the
annualized rate of occurrence.
SLE = 250 x $300; ARO = 5%
$75000 x 0.05 = $3750