An estimate is a calculated figure based on available evidence, not a confirmed audited total. In cybersecurity, estimates are used when defenders, analysts, or investigators do not have complete visibility and must work from partial logs, sampled traffic, or incomplete reporting.
Estimates matter because they guide decisions about incident response, threat prioritization, and risk management. A team may estimate how many systems were exposed, how much data could have been accessed, or the likely financial loss from an intrusion. Threat researchers also estimate botnet size, phishing reach, or malware spread from limited observations. The key limitation is that an estimate can be useful without being exact; it should be treated as provisional and validated with logs, audits, and independent measurement before it is used as fact.