3. The CEO of your company is concerned about cyber security and has asked you to perform a "breach of customer data" risk assessment. Beyond the costs of resolving the technical concerns, a breach of customer data will create potentially several unplanned costs such as: (1) forensic examination; (2) notification of customers and third parties; (3) increased call center costs; (4) public relations costs; (5) legal defense and potential settlements; and, (6) federal or state fines, penalties, and potential required future audits. You worked with the Director of Security to perform the risk assessment and your summary of the risk assessment is the following. The Director of Security believes there is only a 5% chance over the next three years of a breach of customer data. However, if a breach of customer data occurs the 10-50-90 range of impact to the company as measured in net present value is - $100M, -180M, and -250M respectively. The IT organization has suggested an intervention to reduce the likelihood of a breach of customer data that would cost $25M in capital ($15M in 2021 and $10M in 2022) and $600,000 in expense ($400,000 in 2021 and $200,000 in 2022). The Director of Security believes this would reduce the chance of a breach of customer data to as little as 1% over the next three years. Unfortunately, the range of impacts given the breach occurs remains the same. Adjusting for the cost of the IT intervention, the 10-50-90 range of impact to the company as measured in net present value is -$122.44M, -202.44M, and -272.44M. The company's risk-free discount rate is 7%. a) What is the expected NPV impact (expected risk liability) before implementing the IT intervention? 3. The CEO of your company is concerned about cyber security and has asked you to perform a "breach of customer data" risk assessment. Beyond the costs of resolving the technical concerns, a breach of customer data will create potentially several unplanned costs such as: (1) forensic examination; (2) notification of customers and third parties; (3) increased call center costs; (4) public relations costs; (5) legal defense and potential settlements; and, (6) federal or state fines, penalties, and potential required future audits. You worked with the Director of Security to perform the risk assessment and your summary of the risk assessment is the following. The Director of Security believes there is only a 5% chance over the next three years of a breach of customer data. However, if a breach of customer data occurs the 10-50-90 range of impact to the company as measured in net present value is - $100M, -180M, and -250M respectively. The IT organization has suggested an intervention to reduce the likelihood of a breach of customer data that would cost $25M in capital ($15M in 2021 and $10M in 2022) and $600,000 in expense ($400,000 in 2021 and $200,000 in 2022). The Director of Security believes this would reduce the chance of a breach of customer data to as little as 1% over the next three years. Unfortunately, the range of impacts given the breach occurs remains the same. Adjusting for the cost of the IT intervention, the 10-50-90 range of impact to the company as measured in net present value is -$122.44M, -202.44M, and -272.44M. The company's risk-free discount rate is 7%. a) What is the expected NPV impact (expected risk liability) before implementing the IT intervention