Assessing risk of a cyber security failure in a computer network of an entity includes: assessing risk of an entity, using a computer agent configured to collect information from at least publicly accessible Internet elements, and automatically recommending, based at least in part on the assessed risk, changes to reduce the assessed risk to mitigate the theoretical damage. The assessed risk comprises a cyber security failure risk in a computer network of the entity; and the assessing of risk comprises: generating a disaster scenario that comprises elements of a disaster event; modeling the disaster scenario against a profile of the entity; and determining theoretical damage based at least in part on the modeling.