Estimating Cost of a Data Breach
Wednesday, November 4, 2015 @ 08:11 AM gHale
Costs of a breach continue to rise, but the idea that a company will never suffer an attack, and therefore doesn't have to worry about security, remains fairly prevalent among executives.
Maybe that attitude would change if these leaders knew just how much it would cost their company if they suffered a breach.
One firm now has a product that can put a dollar value on that risk.
PivotPoint Risk Analytics launched a product that aims to help organizations quantify their cyber security risk by gauging how much a breach could cost, including a breakdown of how much additional security controls in areas like account access, incident response, training and malware defenses could reduce that figure.
PivotPoint estimates the dollar value of a breach by giving companies a questionnaire that asks about their biggest money-making operations and most critical operations, and how business would suffer if specific systems shut down or data leaked.
Seven cyber insurers have partnered with the company, said Julian Waits, president and chief executive of PivotPoint. If its estimates prove reliable, the product could boost the cyber insurance industry, which struggles with underwriting in a field where things like lost sales, a damaged brand and liability lawsuits are difficult to quantify.
The city of San Diego, one of the early customers to sign a contract with PivotPoint, has personally identifiable data of its residents, which, if compromised, could force the city to pay for credit monitoring for those people. And while its 911 emergency system isn’t a revenue machine, it’s an essential service for the city and a hack could pose liability issues.
Security leaders have a hard time understanding the monetary issues revolving around an attack, and without a strong cost scenario to present, they can't really point out the benefits of a solid security program. A detailed analysis of figures for average losses, severe potential losses and total exposure for a specific operation can show boards whether the company needs more cyber insurance coverage and where to bolster defenses.