fix: Replace cloud AI cost rows in business case direct costs table

Remove 'Cloud AI vendor price shock' (not a security risk; unverifiable
number) and 'Competitive intelligence loss from AI training' (inaccurate
claim that contradicts corrections made throughout the framework).

Replace with:
- Incident response and forensics (EUR 150-500K, real range)
- Business interruption during recovery (client-specific daily revenue)

All five rows now map directly to risks the programme addresses and
are quantifiable in a CFO conversation.

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>

antifragile-consulting/playbooks/business-case-template.md

@@ -27,11 +27,11 @@ This template provides a reusable structure for building financial justification
 
 | Risk Category | Probability (Client-Specific) | Average Industry Cost | Expected Value |
 |--------------|------------------------------|----------------------|----------------|
-| Ransomware incident (recovery + downtime) | [X]% | €4.5M | €[X * 4.5M] |
-| Regulatory fine (DORA / NIS2 / national) | [X]% | 1-2% global turnover | €[X * % GT] |
-| Data breach notification and remediation | [X]% | €3.8M (per IBM Cost of Data Breach Report) | €[X * 3.8M] |
-| Cloud AI vendor price increase / lock-in | [X]% | 200-500% price shock | €[X * shock] |
-| Competitive intelligence loss (cloud AI training) | [X]% | Unquantifiable but existential | High |
+| Ransomware incident (recovery + downtime) | [X]% | €4.5M average (IBM 2024) | €[X * 4.5M] |
+| Regulatory fine (DORA / NIS2 / national) | [X]% | Up to 2% global turnover (NIS2); up to 1% daily (DORA) | €[X * % GT] |
+| Data breach notification and remediation | [X]% | €3.8M average (IBM Cost of Data Breach 2024) | €[X * 3.8M] |
+| Incident response and forensics | [X]% | €150K–500K (external IR firm + legal + crisis comms, independent of breach cost) | €[X * 325K] |
+| Business interruption during recovery | [X]% | €[daily revenue] × [estimated downtime days] — client-specific | €[X * daily] |
 
 **Calculation**: