What’s the cost of a data breach? Depending on who you ask, anywhere from $200,000 to $3.6 million* and higher. Such averages, while useful in tracking trends, are meaningless when it comes to predicting actual breach impact to a specific company. To help companies predict and manage their risk, F-Secure has introduced Cyber Breach Impact Quantification (CBIQ), a new service that quantifies the cost of cyber breach impact to an organization.
Client data from F-Secure risk management assessments suggests most large organizations are ill-prepared to handle breaches: While 50% have a crisis management team that’s prepared for physical disasters or business disruptions, only 20% have a crisis management team capable of effectively leading a cyber crisis. 65% of companies have never run a crisis management exercise to rehearse a cyber incident. Quantifying the cost of a potential breach can help spur organizations to take action to become more prepared and resilient.
“Companies think it’s too difficult to quantify cyber risks so they invest millions in all sorts of controls, just to be on the safe side,” says Marko Buuri, Principal Risk Management Consultant at F-Secure. “But they may be investing in the wrong places, and when the actual breach happens, they’re caught off-guard. CBIQ removes that ambiguity, so they know the right level of security investment they’ll need to protect their core assets.”
Predicting breach cost before it happens lets decision makers know how much is actually at stake, enabling them to make informed cyber risk decisions. It empowers them to focus cyber investments in the right places, provides justification for security spending, and informs decisions related to cyber insurance. It also improves the quality of risk reporting, bringing results down to hard numbers.