Quantifying cyber risks is essential for organizations to grasp their exposure to threats and make informed decisions. However, current approaches still fall short of integrating economic perspectives that would make their analysis insightful. To bridge this gap, we introduce the QBER approach, which offers decision-makers measurable risk metrics. QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge these impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ). The QBER approach serves as a guide for organizations to assess risks and invest strategically in cybersecurity.