Just how much will that data breach cost your company?
An online calculator lets companies estimate costs
Computerworld - Want to know just how much a data breach is likely to end up costing your company? Darwin Professional Underwriters Inc. may be able to help.
The Farmington, Conn.-based technology liability insurance company has released a free online calculator that it said allows businesses to estimate -- with a fair degree of accuracy -- their financial risk from data theft.
Darwin's Data Loss Cost Calculator uses proprietary algorithms developed with security breach data from media reports and other industry resources, according to the company. Among them was Ponemon Institute LLC's 2006 security breach and cost-analysis survey of 31 companies that had suffered data breaches.
Basically, the calculator allows companies to get hard cost estimates in three major categories: internal investigation expenses, customer notification/crisis management costs, and regulatory and other compliance expenses. Companies input data in the respective fields in the calculator to get instant estimates for costs associated with breach-related activities such as customer notification, credit monitoring, crisis management consulting, state or federal fines, and attorney fees.
"When we talk with different risk managers and CIOs, the constant refrain we hear is, 'Show me how much it costs when someone breaches our information,'" said Adam Sills, lead underwriter for Darwin's technology and information liability initiatives. "There are different statistics from different sources" that have made it hard for companies to asses their financial risk, he said.
The online calculator is "our best guess, using the best information out there for how much this stuff costs," he said. "These are the hard costs that you can quantify when you have a serious situation."
The calculator does not include costs associated with any class-action or other lawsuits that might follow a data breach, he said. Neither does it look at the effect on stock prices or reputation, because such numbers can vary by incident and are much harder to generalize.
Such calculators can be pretty useful in helping companies arrive at a better understanding of the financial implications of a breach, said Pete Lindstrom, an analyst at Midvale, Utah-based Burton Group Inc. "I'm a big fan of calculators," he said. "It grounds security folks in a way that talking ephemerally about brand damage doesn't."
Although the numbers thrown out by Darwin's calculator may not be always accurate for everyone all the time, they give IT managers "a way to think more concretely about the nature of the problem," he said. "We need to collect information like this, even if they are broad estimates, to get smarter. This is as good a start as any."
Avivah Litan, an analyst at Stamford, Conn.-based Gartner Inc., said that such calculators "can give people a way to structure their thinking on the cost implications of a breach. I wouldn't bet my house or my enterprise on these numbers. A lot of the costs are often exaggerated."
Even so, as tools to get people thinking about the hard costs of security breaches, such calculators can at least offer worst-case estimates, she said.
Related Computerworld Discussion:
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts