ARL Logo Risky Thinking – On Risk Management, Disaster Recovery, and Business Continuity  
Home / Risk Glossary / Annualized Loss Expectancy 12 May, 2008
Risky Thinking
Home Page
Newsletter
Workshops & Seminars
Consulting
Risk Articles
Older Articles
Article RSS Feed
Michael Z. Bell
Risk Glossary
BCP Tools
Risk Resources
Contact Info

 

 

 

Annualized Loss Expectancy (Definition)

The Annualized Loss Expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over a one year period. It is defined as:
ALE = SLE * ARO
where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence.

An important feature of the Annualized Loss Expectancy is that it can be used directly in a cost-benefit analysis. If a threat or risk has an ALE of $5,000, then it may not be worth spending $10,000 per year on a security measure which will eliminate it.

One thing to remember when using the ALE value is that, when the Annualized Rate of Occurrance is of the order of one loss per year, there can be considerable variance in the actual loss. For example, suppose the ARO is 0.5 and the SLE is $10,000. The Annualized Loss Expectancy is then $5,000, a figure we may be comfortable with. Using the Poisson Distribution we can calculate the probability of a specific number of losses occurring in a given year:

Number of Losses
in Year		ProbabilityAnnual Loss
00.6065$0
10.3033$10,000
20.0758$20,000
≥30.0144≥$30,000

We can see from this table that the probability of a loss of $20,000 is 0.0758, and that the probability of losses being $30,000 or more is approximately 0.0144. Depending upon our tolerance to risk and our organization's ability to withstand higher value losses, we may consider that a security measure which costs $10,000 per year to implement is worthwhile, even though it is more than the expected losses due to the threat.

See Also: Single Loss Expectancy, Annualized Rate of Occurrence.

How far away should a hot site or mirror site be?
A question that is often asked when designing a disaster recovery plan is how far away a hot site or mirror site should be. Is there a simple answer? (More...)
The Risky Thinking Newsletter contains news, opinions and articles on Business Continuity, Disaster Recovery, and Risk Management. It's free for people working in the area. Click here to subscribe.

[ Up to Risk Glossary ]

You're welcome to use these defintions for any purpose provided that an acknowledgement is made to www.riskythinking.com and (if you're using HTML) you provide a link back to this site.

© Albion Research Ltd. 2008