
The cost of a breach

Posted by on September 21, 2014.

[Image: averagcost]

I always find this sort of statement totally absurd.

The average for which companies?

  • all companies?
  • some companies?
  • which companies?

The average of which breaches?

  • all breaches?
  • some breaches?
  • which breaches?
  • which of the unreported breaches are included and which are excluded?

Over what period of time?

  • all time?
  • last two years?
  • current?

What costs are included?

  • lost sales (how do you quantify that)?
  • lost image (how do you quantify that)?
  • cost of mitigation (pre-breach)?
  • cost of mitigation (post-breach)?

My guess is that the average statistician could justify any average figure you want. But of course the higher it is, the more likely you are to spend more money on the security products of the companies that create such figures.

One thought on “The cost of a breach”

  1. That’s spooky. Looking at the image before reading any of your comments, I was thinking to myself “Oh no, here we go again, another meaningless and ridiculous marketing extrapolation from inadequate data …” and, hey, you’ve written my script.

    Well said sir. I couldn’t agree more.

    Even scarier, though, is the thought that countless infosec pros around the globe have factored a figure plucked from thin air into their risk models …


Submitted in: Expert Views, Kevin Townsend's opinions