Updated on November 20, 2025
Loss Event Frequency (LEF) is a critical metric used in Cyber Risk Quantification (CRQ) and frameworks like Factor Analysis of Information Risk (FAIR). LEF represents the probable frequency with which a specific loss event will occur over a given period, usually one year. By moving from qualitative estimates to a measurable frequency, LEF serves as a foundational element in calculating an organization’s total financial risk exposure from a cyber threat.
Definition and Core Concepts
Loss Event Frequency is the prediction of how often a defined threat scenario, from initial attempt to final loss, will result in an actual financial loss event. It is a probabilistic measure that considers both a threat actor’s capabilities and an organization’s defensive controls. LEF is always expressed as a rate, such as 0.5 per year (once every two years) or 20 times per year.
Foundational Concepts
- Cyber Risk Quantification (CRQ): The discipline of expressing cyber risk in monetary terms. LEF is the frequency component of CRQ.
- FAIR Model: The framework that uses LEF as a primary factor, breaking down total risk into frequency and magnitude components.
- Loss Event: The ultimate undesirable outcome, defined as the successful exploit of a vulnerability that leads to a financial cost (e.g., “A successful denial of service attack”).
- Annualized Loss Expectancy (ALE): The total predicted financial risk, calculated as ALE = LEF × Loss Magnitude (LM).
How It Works: Factors Determining LEF
LEF is determined by analyzing two primary causal factors. These are often expressed as probabilities or frequencies of attempts and successes.
Threat Event Frequency (TEF)
Threat Event Frequency (TEF) is the measure of how often an attempt to cause a loss event occurs. It focuses entirely on the adversary’s actions or the inherent probability of an accidental event. Factors influencing TEF include:
- Threat Capability: The skill and motivation of the specific threat actor.
- Threat Contact Frequency: How often the threat actor is in a position to attempt the event, such as the volume of phishing emails received per day.
Vulnerability (Vuln)
Vulnerability (Vuln) is the probability that a threat event attempt will succeed in overcoming an organization’s defensive controls. It is a measure of control effectiveness. Factors influencing Vulnerability include:
- Control Strength: The effectiveness of defensive measures like multi-factor authentication, firewalls, and patching cadence.
- Threat Resistance: The difficulty for the threat actor to bypass existing controls.
The relationship is often modeled as LEF = TEF × Vulnerability. For example, if TEF is 100 per year (100 phishing attempts) and Vulnerability is 0.05 (a 5% success rate), then LEF equals 5 per year.
Key Features and Components
- Probabilistic Nature: LEF is expressed as a distribution of possible frequencies rather than a single number, reflecting the uncertainty in prediction.
- Measurability: LEF forces analysts to use historical data—such as the number of failed login attempts or industry breach rates—to ground their estimates in empirical evidence.
- Control Effectiveness: It directly highlights how defensive controls influence risk. Improving controls reduces Vulnerability, thereby lowering the overall LEF.
Use Cases and Applications
LEF is a primary metric for prioritizing threats based on their likelihood of occurrence.
- Risk Prioritization: It allows for comparing two scenarios—one with a high Loss Magnitude (LM) but low LEF, and another with a low LM but high LEF—to determine which poses a greater Annualized Loss Expectancy.
- Mitigation ROI: It helps quantify the reduction in LEF resulting from a security investment. For example, an analyst can calculate the percentage reduction in phishing success rate (Vulnerability) provided by a new security awareness training program.
- Scenario Modeling: LEF is used to model “what-if” scenarios, such as the change in annual expected loss if a specific system is left unpatched, thereby increasing its Vulnerability.
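The relationships LEF = TEF × Vulnerability and ALE = LEF × LM, applied to the Mitigation ROI use case above as a Monte Carlo simulation over ranges instead of single numbers. This is an added example, not part of the original page: every input range, the function names, and the choice of a triangular distribution are assumptions made here for illustration.

```python
import random
import statistics

# Constructed (min, most likely, max) estimates; none come from the page.
TEF = (80, 100, 120)                 # phishing attempts per year
VULN_BEFORE = (0.03, 0.05, 0.08)     # P(attempt succeeds), current controls
VULN_AFTER = (0.01, 0.02, 0.04)      # P(attempt succeeds), after new control
LM = (10_000, 25_000, 60_000)        # loss per event, in currency units


def lef_point(tef, vuln):
    """Point estimate: loss events/year = attempts/year x P(success)."""
    return tef * vuln


def simulate(tef, vuln, lm, trials=20_000, seed=7):
    """Sample each factor from a triangular distribution and return
    sorted lists of annual LEF and ALE values, one per trial."""
    rng = random.Random(seed)        # fixed seed: repeatable runs
    draw = lambda r: rng.triangular(r[0], r[2], r[1])  # (low, high, mode)
    lefs, ales = [], []
    for _ in range(trials):
        lef = lef_point(draw(tef), draw(vuln))
        lefs.append(lef)
        ales.append(lef * draw(lm))  # ALE = LEF x LM
    return sorted(lefs), sorted(ales)


def summarize(sorted_values):
    """10th/50th/90th percentiles and mean of a sorted sample."""
    n = len(sorted_values)
    pick = lambda q: sorted_values[int(q * n)]
    return {"p10": pick(0.10), "p50": pick(0.50), "p90": pick(0.90),
            "mean": statistics.fmean(sorted_values)}


def ale_reduction_pct(tef, vuln_before, vuln_after, lm):
    """Percent drop in mean ALE when a control lowers Vulnerability."""
    before = summarize(simulate(tef, vuln_before, lm)[1])["mean"]
    after = summarize(simulate(tef, vuln_after, lm)[1])["mean"]
    return 100.0 * (before - after) / before


if __name__ == "__main__":
    lefs, ales = simulate(TEF, VULN_BEFORE, LM)
    print("LEF per year:", summarize(lefs))
    print("ALE:", summarize(ales))
    print("ALE reduction %:", ale_reduction_pct(TEF, VULN_BEFORE, VULN_AFTER, LM))
```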
Advantages and Trade-offs
- Advantages: LEF provides an objective, measurable basis for discussing the likelihood of cyber risks. It allows security teams to precisely quantify the value of preventative controls.
- Trade-offs: Estimating TEF and Vulnerability accurately requires significant effort and quality data, including historical information and threat intelligence. Using inaccurate input data will lead to flawed LEF figures and, consequently, a flawed ALE.
Key Terms Appendix
- CRQ (Cyber Risk Quantification): The overall discipline of measuring cyber risk financially.
- FAIR Model: A framework for quantitative risk analysis.
- TEF (Threat Event Frequency): How often an attack is attempted.
- ALE (Annualized Loss Expectancy): Total annual financial risk.
- Loss Magnitude (LM): The financial impact if an event occurs.