Industrial Cybersecurity & OT Risk worked example

Legacy OS Risk Score with legacy os business impact rating of 23 score: a worked example

Push legacy os business impact rating up to 23 score and the picture changes. This example computes every intermediate figure at that operating point. Use it when prioritizing unsupported HMIs, engineering stations, historians, and SCADA servers for upgrade or isolation.

The inputs for this scenario

  • Legacy OS business impact rating: 23 score (raised for this scenario; the documented default is 9)
  • Legacy OS network exposure rating: 6 score (unchanged)
  • Compensating control weakness rating: 5 score (unchanged)

Working through the calculation

  • Applying the documented formula (Legacy OS risk score = legacy OS impact score × legacy OS exposure score × compensating control weakness score) to the inputs above produces each figure below.
  • At this operating point the engine returns 12.55 score for legacy os risk score, the number this scenario is built around.
  • At this operating point the engine returns 23 score for legacy os impact score.
  • At this operating point the engine returns 6 score for legacy os exposure score.
  • At this operating point the engine returns 5 score for compensating control weakness score.

How this compares with the baseline

  • Against the tool's baseline example, where legacy os business impact rating sits at 9 score and the headline result is 6.95 score, this scenario comes in 80.58% above the baseline at 12.55 score.
  • It multiplies three ratings — legacy OS impact, network exposure and compensating-control weakness — into a single comparative risk score for an unsupported OT asset. The value of this scenario is the size of the gap it exposes: that gap, priced out over a year, is the budget you can justify spending to close it.

Results at a glance

  • Legacy OS risk score: 12.55 score (headline result)
  • Legacy OS impact score: 23 score
  • Legacy OS exposure score: 6 score
  • Compensating control weakness score: 5 score

Run it with your numbers

  • Every input above is editable in the live Legacy OS Risk Score calculator, which recalculates instantly and can be shared with the inputs intact.

Last reviewed 2026-05-12.