Given that the UTM of a Risk is between 0 and 100, we can then calculate the value of each UTM by
        dividing the Exposure by one hundred. So, as you decrease the UTM with controls, and you increase the
        mitigation effectiveness, you can calculate how much the financial exposure is reduced. If you then look
        at the cost of putting this mitigation in place you can decide as a board whether you want to spend the
        money or whether the board has the appetite to accept the risk without further costly mitigations.












































 Civil Prosecution

 Criminal Prosecution
 Damages paid to clients
 Direct financial loss

 Immediate loss of client contracts
 Investigations / defence costs
 Physical repair and replacement of Property

 Regulatory fines - ICO, SRA, FCA, etc
 Test Factor
 Other







                                                                                                                    19