Figures & data
Table 1. Brief description of IT-based risk/threat/maturity models, their advantage and disadvantages, and their relation to our proposed QBowtie model.
Table 2. Additional Industry Loadings. (AIG and Claims Intelligence Series 2016).
Table 3. Additional Severity Loading by Sector. Data Source: (Ponemon Institute Citation2020).
Figure 6. Left hand side of bow-tie diagram for top event Data Breach illustrating threats (rectangles), barriers (ovals) and escalators (hexagons).
![Figure 6. Left hand side of bow-tie diagram for top event Data Breach illustrating threats (rectangles), barriers (ovals) and escalators (hexagons).](/cms/asset/f45c3d1b-98b3-4f31-bae5-5b72034f95a1/rjrr_a_1900337_f0006_b.jpg)
Figure 7. Right hand side of Bowtie diagram for top event Data Breach illustrating consequences (rectangles), barriers (ovals) and escalators (hexagons).
![Figure 7. Right hand side of Bowtie diagram for top event Data Breach illustrating consequences (rectangles), barriers (ovals) and escalators (hexagons).](/cms/asset/1bc84e4b-7144-42ae-a881-41669a1720a8/rjrr_a_1900337_f0007_b.jpg)
Figure 8. Cyber risk Matrix. The Threat is on the vertical axis, while the severity is on the horizontal. The combined score is mapped to a quadrant, and the top right represents the riskiest company, while the bottom left represents the least risky company.
![Figure 8. Cyber risk Matrix. The Threat is on the vertical axis, while the severity is on the horizontal. The combined score is mapped to a quadrant, and the top right represents the riskiest company, while the bottom left represents the least risky company.](/cms/asset/579ba3e6-a63b-4b1e-a783-5c05f549cc37/rjrr_a_1900337_f0008_b.jpg)