Profile Settings: Review/Modify Assumption: Threat Likelihood
- Aug 22
- 6 min read
Updated: Oct 30
The Threat Likelihood section, within Profile Settings, within Review/Modify Assumptions, is where X-Analytics captures your organization's threat likelihood details to deliver valuable risk insights.
Support Guidance
We strongly recommend that all customer leave Default (or industry default) in this sub-section of Profile Settings.
Why Do We Give This Recommendation?
Because we want your X-Analytics experience to be easy and reliable.
On a monthly basis, we harvest vast amounts of data to automatically update threat values for each of the supported industry verticals within the application. When "default" is selected, the industry threat values are specific numbers that can viewed within Insights -> Analysis Center -> Cyber Risk Grids -> Threat selection. However, only the "threat scale position" is shown within Profile Builder.
As an example, if the industry default value for Crimeware threat is 6.25, it will be viewed as 6.25 within Insights and viewed as Moderate-High within Profile Builder.
With each update, you will be able to see how threat is changing month over month, and you will be able to see how changes in the threat landscape alter all downstream values (such as cyber risk, prioritized mitigation actions, and top risk scenarios).
Additionally, you are not required to revisit this section and provide updates monthly. We automatically take care of this variable on your behalf.
What If You Don't Want to Take Our Recommendation?
Then that is okay. Ultimately, we want you to be satisfied with your X-Analytics experience.
If you believe that providing manual overrides to the "default" threat values will produce a better profile, then we want you to make those changes. Please visit here.
As a cautionary note, we want you to be aware that manually overriding the threat values will require you to review and update this sub-section monthly.
As another cautionary note, we want you to be aware that manually overriding threat values will select the top value of the scale position you select. For specific details, please see here.
Steps to Manually Override Threat Likelihood
The Threat Likelihood sub-section is made up of 10 questions. Each question aligns to a threat category. For each threat category, you can toggle threat likelihood or turn off the threat category.
The Threat Likelihood Answer Key:
Before we get to the specific Threat Likelihood questions, let's review the answer key:
D. Default = industry vertical default value (this is updated monthly)
0. No Threat = threat value becomes 0.00
1. Very Low Threat = threat becomes 1.25
2. Low Threat = threat becomes 2.50
3. Low-Moderate Threat = threat becomes 3.75
4. Moderate Threat = threat becomes 5.00
5. Moderate-High Threat = threat becomes 6.66
6. High Threat = threat becomes 8.32
7. Very High Threat = threat becomes 10.00
The X-Analytics Threat Likelihood 10-Point Scale:
On the X-Analytics Threat Likelihood 10-point scale:
0 represents "no threat" volume
5 represents "moderate" (or "average") volume
10 represents "very high" (or "extreme") volume
Selecting the Right Threat Answer:
In order to use the above answer key, you will need to understand what is normal and abnormal for your threat landscape, as well as what is normal and abnormal for the industry vertical threat landscape.
In all cases, you will need to compare your threat landscape with the industry vertical landscape to determine how you should toggle threat likelihood for your profile.
Example A: Industry is Moderate and you believe you are slightly above industry, then you should select Moderate-High. (Support note: this is 1-step up in the answer key)
Example B: Industry is Moderate and you believe you are slightly below industry, then you should select Low-Moderate. (Support note: this is 1-step down in the answer key)
Example C: Industry is Moderate and you believe you are definitely higher than industry, then you should select High Threat. (Support note: this is 2-steps up in the answer key)
Example D: Industry is Moderate and you believe you are definitely lower than industry, then you should select Low Threat. (Support note: this is 2-steps down in the answer key)
The Threat Likelihood Questions w/ Guidance
Question # | Question | Support Guidance |
T.1 | Web Application Attack: Please describe your web application attack threat condition. A web application attack is any incident in which a web application is the vector of attack. This includes exploits of vulnerabilities in the application, stolen credentials, and many other attack varieties. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.2 | Point of Sale Intrusion: Please describe your point-of-sale intrusion threat condition. A PoS intrusion is any remote attack against environments where card-present transactions are conducted. This pattern does not include physical tampering or credit card skimming. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.3 | Insider and Privileged Misuse: Please describe your insider and privileged misuse threat condition. Insider and privilege misuse is any incident in which the action is misuse, whether it was done with the intent of harming the organization or not. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.4 | Miscellaneous Error: Please describe your miscellaneous error threat condition. Miscellaneous error is any incident in which unintentional actions directly compromised an attribute of a organizational asset. This pattern does not include lost devices or data. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.5 | Physical Theft and Loss: Please describe your physical theft and loss threat condition. Physical theft and loss includes any incident which an organizational asset was stolen or misplaced. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.6 | Crimeware (Includes Ransomware): Please describe your crimeware threat condition. Crimeware is any incident involving malware that did not fit into a more specific pattern, like a web application attack or point of sale intrusion. This pattern includes worms, viruses, Trojans, ransomware, and many other varieties. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.7 | Physical Card Skimming: Please describe your physical card skimming threat condition. Physical Card Skimming is any incident in which a skimming device was physically implemented on an asset meant to read and steal payment data. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.8 | Cyber-Espionage: Please describe your cyber-espionage threat condition. Cyber-Espionage is any incident that includes unauthorized network or system access linked to nation-state, state-sponsored, criminal group, or competitor aiming to steal intellectual property, trade secrets, financial information, or any other sensitive information to gain competitive advantage or sway over an organization. This pattern could also include interruption events intended to gain sway over an organization. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.9 | Denial of Service (DoS) Attack: Please describe your denial of service (Dos) threat condition. DoS is any attack intended to compromise the availability of networks and applications by overwhelming the system. In most cases, your organization is the target. However, in some cases, your assets could be used to launch an attack against another organization. | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
T.10 | Everything Else: Please describe your everything else threat condition. Everything else is any unusual social, malware, hacking, environmental, or physical incident that was not already associated with the other nine previous threat patterns. You can think of this as a "catch all" pattern. This is a collecting of all conditions labelled as "unknown" or "other". | Non-Applicability: If this threat category is not applicable to your profile, then select No Threat. Industry Override: Based on your unique knowledge of this threat, select a value between Very Low to Very High. |
Additional Support
If you need further assistance, then please contact your Customer Success Team Member.
Comments