Glossary
Business interruption
The revenue and productivity lost while you are down or degraded after a cyber incident. Often the largest single cost, and the worst estimated.
Business interruption is the cost of not operating normally while you recover. Nobody hands you an invoice for it, which is why it gets underestimated, yet in serious incidents it is frequently the biggest line, larger than the ransom and often larger than recovery itself.
The arithmetic is daily revenue times days down times the fraction of revenue you actually lose. That fraction is the part people fumble: it is not 100%, because some operations limp along and some sales are deferred rather than lost. How long you are down depends far more on whether you can restore than on the malware, which loops back to your recovery time objective. How to cost it properly.