Annualized Rate of Occurrence (ARO)
Security+ 🏆 • Security Operations 🛡️
Definition
ARO is the expected number of times a specific threat will cause a loss in one year. It is a frequency, not a monetary value, and is one of the two factors in ALE = SLE × ARO.
Examples
- If phishing leads to a costly incident about once every 3 years, ARO = 1/3 ≈ 0.33.
- If minor outages from misconfigurations happen twice a year, ARO = 2.
Discover 🔎
ARO answers a simple planning question: how often should we expect this loss to happen in a typical year? Once you can describe the frequency of a threat, you can combine it with how much one incident costs (SLE) to estimate expected yearly loss (ALE). ARO is about frequency, not severity, so it pairs naturally with SLE to give a balanced picture.