It can be argued that cyber threat intelligence (CTI) is most valuable to a business when it continuously informs a quantitative risk assessment model that contains specific probabilities for loss from a specific threat type.
In this paper, we’ll use the techniques and formula articulated in How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen, to estimate the probability of financial loss at Recorded Future (the company) based on multiple information security (INFOSEC) threats.