| Domain | L | I | Score | Target | Zone | Key evidence |
|---|
Severity tier inputs
Enter open issue counts per severity tier per domain. Formula: (Critical×4) + (High×3) + (Medium×2) + (Low×1) → Likelihood adjustment +0 to +3
CALIBR framework guide
How every score, formula, and threshold works
Core formula
Risk Score = Likelihood × Impact
Range: 1×1 = 1 (min) to 5×5 = 25 (max)
Portfolio average
Avg = Sum of domain scores ÷ 12
Arithmetic mean — no domain weighting applied
Severity weighted score
(C×4) + (H×3) + (M×2) + (L×1)
Maps to Likelihood adjustment +0 to +3
Target formula
Baseline + KPI Adjustment + Severity Tier Score
Revenue baseline sets floor; evidence adjusts upward
Data exposure
$ Exposure ÷ Annual Revenue = % Impact
<1% = Minor | 1–2% = Moderate | >4% = Catastrophic
Heat map zones
| 16–25 | Critical | Immediate executive action. Remediation plan within 30 days. |
| 10–15 | Elevated | Active remediation required. Quarterly senior leadership tracking. |
| 5–9 | Moderate | Monitor and manage. Controls present but gaps exist. |
| 1–4 | Low | Acceptable residual risk. Annual review sufficient. |
Severity tier → Likelihood adjustment
| 0 | +0 | No open issues |
| 1–50 | +0 | Minimal — monitor only |
| 51–150 | +1 | Moderate — action plan required |
| 151–400 | +2 | Significant — executive escalation |
| >400 | +3 | Control failure — board visibility |
Revenue baseline targets
| < $1B | 5.5 | Existential impact threshold lowest |
| $1B–$2.5B | 5.8 | Proportional impact still high |
| $2.5B–$5B | 6.0 | Mid-scale; regulatory floors apply |
| $5B–$10B | 6.5 | Greater absorption capacity |
| > $10B | 7.0 | Highest absolute risk tolerance |
About CALIBR
CALIBR is a KPI-driven, revenue-scaled cyber risk scoring framework developed through live enterprise deployment across a Fortune 200 organization. Every score is formula-traceable and audit-defensible by design.
Three ways to engage
▸ CALIBR Assess — consulting engagement
▸ CALIBR License — framework template
▸ CALIBR Platform — SaaS (coming soon)
Get in touch
Interested in a CALIBR assessment or licensing the framework for your team?
Visit calibrframework.com ↗