Move the sliders — both models recalculate live. The Quantitative Risk Model always scores equal to or lower than the Board/Executive Scorecard — a stricter formula ensures practitioners never see an inflated survivability result.
Most organizations don't fail because they were attacked. They fail because nobody knew how vulnerable they really were.
The AI-CRRQ™ Survival Index™ gives your organization a single score — calculated live, in under 60 seconds — that answers the question every board member, regulator, and insurer is now asking: If a cyber attack hit your organization today, could you keep operating — or would it bring you down?
🏛️
Board & Executive Leadership
CEO · CFO · Board Directors · General Counsel · Audit Committee
Imagine your board is asked: "How exposed are we to a ransomware attack right now?" Most executives cannot answer that with a number.
This calculator gives you the number.
One score, in plain language, that tells your board, auditors, and cyber insurer exactly where your organization stands.
🛡️
CISOs & Risk Professionals
CISO · Risk Analyst · GRC Lead · Incident Response · VP of Security
Most cyber risk reports presented to boards are color-coded charts and lengthy narratives. Boards rarely act on them.
Give your leadership team a single score they can track, compare over time, and act on.
The Quantitative Risk Model uses a stricter formula that reflects how badly small gaps in leadership compound under real crisis conditions.
Most cyber insurance applications are based on self-reported data — often optimistic, incomplete, or wrong.
The Survival Index™ gives you a math-based score, not a self-reported checklist.
Three independently assessable dimensions combined into one defensible survivability number.
✅ No login required
🔒 Zero data collected
⚡ Results in under 60 seconds
🚫 No sales call. Just your score.
🔒
Formula Integrity Note
Board/Executive Scorecard uses: SI = (ORCI × RVI) / TEI · Quantitative Risk Model applies: SI = [(ORCI^1.2 / 100^0.2) × RVI] / (TEI + 10). The Quantitative Risk Model always produces an equal or lower survivability score. The k = 10 constant is principled, not tuned to empirical data.
📊
Score Range
Both models output a 0–100 survivability score. Higher scores indicate stronger survivability under current threat conditions. The Quantitative Risk Model cannot exceed the Board/Executive Scorecard by mathematical construction.
⚙️
Input Vectors — Three Dimensions
Shared across both models · Adjust sliders to model your organization's current risk posture
TEI
Threat Exposure Index
50
⚠️ Threat Exposure Intensity
Financial exposure — $500K–$5M+ breach cost range
Breach probability — likelihood of a material incident
BCP maturity — business continuity plan depth & testing frequency
Slow / Incomplete · Fast / Comprehensive
🏛️
For Boards, Executives & Non-Technical Leaders
Board / Executive Scorecard
SI = (ORCI × RVI) / TEI · Capped at 100 · Plain-language resilience posture score
Board
CEO
CFO
General Counsel
BOARD / EXECUTIVE SCORECARD
⚠️ Illustrative Self-Assessment Only
This score is a formula-based estimate derived entirely from your self-reported inputs. It provides a directional view for discussion purposes only and does NOT:
Predict actual survivability, breach outcomes, or operational continuity
Constitute a security audit, risk assessment, compliance certification, or insurance-grade analysis
Replace professional services, penetration testing, or established frameworks (NIST CSF, ISO 27001, FAIR)
Carry any guarantee of accuracy or applicability to your specific environment
Plain-language resilience posture score — Higher = stronger ability to continue operating during cyber disruption.
🎯
Leadership readiness drives this score — ORCI is the primary variable. Improving leadership readiness produces the greatest improvement in your Survival Index™.
📊
Normalized 0–100 — Score is always bounded between 0 and 100. Higher scores reflect stronger operational resilience posture relative to current threat exposure.
Board-level takeaway: To improve your score, invest in leadership readiness (ORCI) first, recovery capability (RVI) second, and manage the conditions driving Threat Pressure (TEI).
🔬
For CISOs, Risk Analysts, Actuaries & Cyber Insurers
Quantitative Risk Model
Stricter scoring — by mathematical construction, cannot exceed the Board/Executive Scorecard
CISOs
Risk Analysts
Actuaries
Cyber Insurers
QUANTITATIVE RISK MODEL
36.3
✕ CRITICAL
SI = [(ORCI^1.2 / 100^0.2) × RVI] / (TEI + 10)
[(50^1.2 / 100^0.2) × 50] / (50 + 10) = 36.3
🔬 WHAT THIS TELLS THE PRACTITIONER
🛡️
Stricter leadership scoring — ORCI^1.2 penalizes capability gaps more harshly; a score of 50 performs far below "half" under real crisis conditions.
🔒
Conservative by design — never inflates survivability; by mathematical construction, cannot exceed the Board/Executive Scorecard.
📋
Structured comparative output — TEI+10 stabilizes the score for consistent directional comparison. Not a substitute for actuarial or underwriting review.
💡 Why the Quantitative Risk Model score is always lower
📐 Formula at all-100 inputs:
(100 × 100) / (100 + 10) = 10,000 / 110 = 90.91
✅ Maximum possible QRM score:
~90.91 — the +10 buffer reflects residual exposure that even the most resilient organizations carry.
✓ The Quantitative Risk Model's maximum is ~90.91 when all inputs are 100. This is a feature — it ensures the model never overstates survivability.
🔒
BY DESIGN — ALWAYS SCORES ≤ BOARD/EXECUTIVE SCORECARD — NEVER INFLATES SURVIVABILITY
📈
ORCI^1.2 — Non-Linear Leadership Adjustment
Normalization: ORCI_adj = ORCI^1.2 / 100^0.2 — applies an accelerating penalty for sub-100 capability scores to reflect real-world leadership gaps under adversarial conditions.
Plain language: A leadership score of 50 does not mean "half as capable." The exponent 1.2 means gaps at the lower end are penalized more severely — because in a real crisis, a barely-capable team performs far worse than half as well as an elite one.
ORCI = 100 · Optimized Capability · adj = 100.0
ORCI = 70 · Capable Team · adj = 65.2
ORCI = 50 · Developing · adj = 43.5
ORCI = 30 · At Risk · adj = 23.6
⚓ TEI + 10 stability constant prevents score inflation when threat exposure is low
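Both formulas above, written out so the page's figures (36.3, the ORCI_adj values, 90.91) and the "QRM never exceeds the Board score" claim can be checked. This is an added example, not the calculator's own code. It assumes integer slider inputs in the range 1–100, a TEI floor of 1 to avoid division by zero, and the same cap at 100 for the QRM as for the Board model.

```javascript
// Added example: both Survival Index formulas as stated on the page.
// Assumptions (not from the page): inputs are integers 1-100, TEI is floored
// at 1 to avoid division by zero, and the QRM is capped at 100 like the Board model.
const clamp = (x, lo, hi) => Math.min(hi, Math.max(lo, x));
const round1 = (x) => Math.round(x * 10) / 10;

// ORCI_adj = ORCI^1.2 / 100^0.2, which equals ORCI * (ORCI/100)^0.2,
// so it is never larger than ORCI itself for ORCI <= 100.
function orciAdj(orci) {
  const o = clamp(orci, 0, 100);
  return Math.pow(o, 1.2) / Math.pow(100, 0.2);
}

// Board/Executive Scorecard: SI = (ORCI * RVI) / TEI, capped at 100.
function boardScore(orci, rvi, tei) {
  const raw = (clamp(orci, 0, 100) * clamp(rvi, 0, 100)) / clamp(tei, 1, 100);
  return Math.min(100, raw);
}

// Quantitative Risk Model: SI = [ORCI_adj * RVI] / (TEI + 10).
function qrmScore(orci, rvi, tei) {
  const raw = (orciAdj(orci) * clamp(rvi, 0, 100)) / (clamp(tei, 1, 100) + 10);
  return Math.min(100, raw);
}

// Exhaustive check of "QRM <= Board" over the assumed slider grid.
// A small epsilon absorbs floating-point noise when both scores sit at the cap.
function sweepInvariant(step = 1) {
  let checked = 0;
  let violations = 0;
  for (let o = 1; o <= 100; o += step) {
    for (let r = 1; r <= 100; r += step) {
      for (let t = 1; t <= 100; t += step) {
        checked++;
        if (qrmScore(o, r, t) > boardScore(o, r, t) + 1e-9) violations++;
      }
    }
  }
  return { checked, violations };
}

console.log("50/50/50:", round1(boardScore(50, 50, 50)), round1(qrmScore(50, 50, 50)));
console.log("ORCI_adj:", [100, 70, 50, 30].map((o) => round1(orciAdj(o))));
console.log("sweep:", sweepInvariant(3));
```
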
💀 0–39 · Critical · Severe exposure. Immediate board-level intervention required.
⚠️ 40–64 · At Risk · Significant gaps. May not sustain operations through a major cyber event.
🛡️ 65–84 · Vulnerable · Partial resilience. Core capability present but gaps remain under pressure.
✅ 85–100+ · Resilient · Strong survivability. High capability relative to threat. Sustain and optimize.
⚠ Research Disclaimer — Scores are illustrative and expressed as a normalized 0–100 survivability index for research and discussion purposes only. Not a certified risk assessment. No data is collected or transmitted. Developed by Alim Abdul, Cyber Risk & Governance Advisor — AICRRQ.com · AI-CRRQ™ Framework v1.0
Informational Use Only. The AI-CRRQ™ Survival Index™ is a self-reported, directional indicator based on inputs you provide.
It does not constitute a certified security assessment, compliance certification, or professional cybersecurity opinion.
Results should not be used as the sole basis for security, regulatory, legal, or investment decisions without independent professional review.