Cyber Risk Quantification translates technical vulnerabilities and threat intelligence into business metrics like expected annual loss, enabling cost-benefit analysis of security investments and risk transfer decisions. Methods include factor analysis of information risk, value-at-risk models, and Monte Carlo simulations that account for event frequency and loss magnitude distributions. Quantification helps prioritize security spending and justify budgets to executives in business language. A healthcare provider might quantify ransomware risk by modeling attack probability, ransom costs, downtime losses, regulatory fines, and reputation damage to determine whether additional endpoint protection or cyber insurance provides better value. Standards like FAIR methodology provide structured approaches to cyber risk quantification.