C-Risk I cyber risk quantification