Estimating the cost of an intrusion has never been easy. It is something that IT managers grapple with regularly, particularly when fighting for budgets. This article will attempt to explore some of the considerations when contemplating the cost of a systems breach, or indeed the cost of a possible ‘future’ breach.
At a basic level, the most obvious cost component associated with a security incident of any kind is the cost of human labour that will be inevitably required to investigate the breach (if indeed there was one). Add to this the fact that these ‘investigators’, assuming they are employees, will be taken away from their normal work activities, resulting in lost productivity. Time will be spent analysing what has happened, re-installing operating systems, restoring installed programs and data files, reviewing log files, writing incident reports, interfacing with vendors or suppliers etc. And don’t forget that all this will be relatively disruptive, possibly resulting in users being prevented from accessing the systems they need to do their jobs. More lost productivity and ultimately wasted time.
Thankfully, most organisations have a very accurate indication of how much each and every employee’s time costs, so putting a monetary figure on this component is straightforward enough.
One of the major challenges of the security community is to develop an effective return on investment calculation that will allow them to justify security expenditures before catastrophic incidents occur. Ask the following questions:
- Who worked on responding to or investigating the incident?
- How many hours did each of them spend?
- How many people were prevented from working because of the incident?
- How much productive time did each of them lose?
- How much do you pay each of those people to work for you?
- How much overhead do you pay (insurance, sick leave, etc.) for your employees?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.