Annualized Loss Expectancy (ALE)

Security+ 🏆 • Security Operations 🛡️ • Difficulty: premium

Definition

ALE estimates the expected yearly cost of a risk: ALE = SLE × ARO, where SLE is the loss from a single incident and ARO is how often it's expected to happen per year.

Examples

  • A file server worth $80,000 with an exposure factor of 40% has SLE = $32,000. If the threat is expected every 5 years (ARO = 0.2), ALE = $6,400.
  • Ransomware clean-up averages $150,000 per incident (SLE). If similar incidents strike once every 3 years (ARO = 0.33), ALE ≈ $49,500. A $20,000 control that halves the frequency lowers ALE to ≈ $24,750.

Discover 🔎

Annualized Loss Expectancy is a simple quantitative technique used in risk management to put a yearly price tag on specific threats. By multiplying how much you lose each time (SLE) by how often it happens (ARO), you can compare risks consistently and justify security investments with numbers instead of guesswork.
