What should analysts do if data on past loss events is scarce?

When data on past loss events is scarce, stepping down in analysis level to concentrate on Threat Event Frequency is a strategic approach. This is because analyzing Threat Event Frequency allows analysts to evaluate the likelihood of potential threat events rather than focusing solely on the financial impact of losses, which may be difficult to estimate without sufficient historical data.

By working with Threat Event Frequency, analysts can draw on more generalizable data, such as industry trends, theoretical models, or expert predictions, to identify how often specific threat events may occur. This approach maintains the analytic rigor of the assessment while compensating for the lack of direct loss event data. It enables the formulation of a more complete risk picture by considering how often an event might happen, even if granular details about past losses are unavailable.

In this context, directly estimating the impact value may not be advisable since insufficient data could lead to inaccurate conclusions. Relying on general industry loss data could provide some insights, but it may not be specific or relevant enough to the analyst's unique situation. Consulting external experts on potential threats can enhance understanding, but it's still essential to use Threat Event Frequency as a structured foundation for analyzing risk when historical loss data is limited.