This is the measure that is based on how a threat steals data and what it does to the data stolen. Information theft is associated with this field. Most, if not all, malware have information theft routines. These routines steal specific data. Based on the data stolen and the manner the stolen data is distributed, Information Exposure can have the following ratings: High – Malware steals personally identifiable information (PII), finance-related information, industry-specific data and hardware information (mobile IMEI) and it sends gathered information via HTTP, SMTP or FTP. Malware is capable of getting a person or a company’s data, which causes financial loss and/or damage to reputation to the individual or the company; Medium – malware steals gaming-related information or product serial numbers. Information stolen has little effect on users; Low – Malware has no information theft capability, therefore no information is exposed.