How to put a dollar figure on agent security risk your board will act on

Leadership funds risk it can size. Translate agent exposure into expected loss using dated breach economics and a quantitative model, and the security budget stops being a hard sell.

B

Balagei G Nagarajan

4 MIN READ


A security analyst translating a tangle of agent threats into a single clean dollar figure on a boardroom screen
You are no longer asking for security as insurance against a feeling.
— from “How to put a dollar figure on agent security risk your board will act on”

Key facts.

  • IBM's 2025 report puts the global average breach at 4.44 million dollars and the US average at a record 10.22 million, your two cost anchors for an expected-loss model. source
  • Shadow AI added about 670,000 dollars to the average breach, and 97% of organizations that suffered an AI-related breach lacked AI access controls. That 97% is your probability argument. source
  • The FAIR model (Factor Analysis of Information Risk) expresses risk as the probable frequency and magnitude of loss, producing outputs like "X% chance of a loss above Y dollars" that map directly to a board's language. source
  • ISO/IEC 42001:2023, the certifiable AI Management System standard, structures how you govern, document, and continually manage AI risk but does not itself output dollar figures, so pair it with FAIR for the financial number. source

Why does qualitative risk language fail in front of a board?

A "high" risk on a red-amber-green chart competes with every other "high" in the company and loses, because it carries no magnitude. The board cannot compare it to the revenue at stake, the cost of the control, or the next initiative on the list. Expected loss fixes that. When you say the agent's data-access pattern carries a 15% annual chance of an incident whose central cost estimate is 4.44 million dollars, you have handed leadership a number they can weigh against a control that costs a fraction of it. That is a decision they can make, and it is the same expected-value math they already use for every other investment.

The 97% figure does the heavy lifting on probability. It is not a vague "agents are risky." It is a measured link between a specific missing control (AI access controls) and the breach it failed to prevent. You are no longer asking for security as insurance against a feeling. You are showing a bounded spend against a measured, dated loss with a stated likelihood.

Funnel diagram turning raw agent threats into loss-event frequency and magnitude, then into a single expected-loss dollar range

How do you build the number without faking precision?

Use FAIR's two factors. Estimate loss-event frequency (how often an injection or over-broad permission turns into an incident, informed by your own near-miss data and the 97% control-gap signal) and loss magnitude (anchored to the IBM averages, adjusted for your data sensitivity and the shadow-AI premium if your agents touch unmanaged tools). FAIR runs those as ranges, not point estimates, so the output is honest: a distribution of probable losses rather than a false single figure. Then put the bounded control cost beside it. The control side is known. The loss side is large and measured. The gap between them is your business case.

What leadership hearsQualitative chartQuantitative model
The ask"This is a high risk""15% annual chance of a 4.44M loss"
ComparabilityOne "high" among manyDollars vs the control's dollars
Probability basisGut feel97% of AI breaches lacked access controls
Decision it enablesDefer, it's vagueFund, the math is clear

This is why a Pattern Intelligence Layer is an easy line item to defend. Reliability and security at the pattern level mean the controls (scoped permissions, access governance, runtime monitoring) are bounded, reusable, and enforced on every run, so the spend is a predictable number you can set against a measured loss. Predictable cost against a dated, sized risk is the most fundable conversation in security, and it survives the next model upgrade because the protected surface is the pattern, not one model.

Frequently asked questions

Which single stat carries a board deck?
97% of organizations that suffered an AI-related breach lacked AI access controls (IBM 2025). It ties a cheap, specific control directly to the loss it prevents.

Do I need FAIR, or is ISO/IEC 42001 enough?
Use both. ISO/IEC 42001 structures how you govern and manage the risk. FAIR turns it into the dollar range a CFO acts on. They answer different questions.

Won't a smarter model lower the risk I'm sizing?
No. Frontier agents still fell to adaptive attacks at over 90% success across a dozen defenses. The exposure stays; the control belongs in the budget regardless of model.


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.