diff --git a/antifragile-consulting/playbooks/business-case-template.md b/antifragile-consulting/playbooks/business-case-template.md
index 8f7c129..23c027b 100644
--- a/antifragile-consulting/playbooks/business-case-template.md
+++ b/antifragile-consulting/playbooks/business-case-template.md
@@ -27,11 +27,11 @@ This template provides a reusable structure for building financial justification
 
 | Risk Category | Probability (Client-Specific) | Average Industry Cost | Expected Value |
 |--------------|------------------------------|----------------------|----------------|
-| Ransomware incident (recovery + downtime) | [X]% | €4.5M | €[X * 4.5M] |
-| Regulatory fine (DORA / NIS2 / national) | [X]% | 1-2% global turnover | €[X * % GT] |
-| Data breach notification and remediation | [X]% | €3.8M (per IBM Cost of Data Breach Report) | €[X * 3.8M] |
-| Cloud AI vendor price increase / lock-in | [X]% | 200-500% price shock | €[X * shock] |
-| Competitive intelligence loss (cloud AI training) | [X]% | Unquantifiable but existential | High |
+| Ransomware incident (recovery + downtime) | [X]% | €4.5M average (IBM 2024) | €[X * 4.5M] |
+| Regulatory fine (DORA / NIS2 / national) | [X]% | Up to 2% global turnover (NIS2); up to 1% daily (DORA) | €[X * % GT] |
+| Data breach notification and remediation | [X]% | €3.8M average (IBM Cost of Data Breach 2024) | €[X * 3.8M] |
+| Incident response and forensics | [X]% | €150K–500K (external IR firm + legal + crisis comms, independent of breach cost) | €[X * 325K] |
+| Business interruption during recovery | [X]% | €[daily revenue] × [estimated downtime days] — client-specific | €[X * daily] |
 
 **Calculation**: