Getting paid for getting hacked
Cyber insurance seems to be an exciting business with a lot of uncertainty compared to other industries with more detailed ROIs, as I feel the information security one is missing a reliable ROSI model. I once blogged about why we cannot measure the real cost of cybercrime, and commented the same issue with the "FBI's 2005 Computer Crime Survey - what's to consider?". Don't get me wrong, these are reliable sources for various market indicators, still the situation is, of course, even worse. But how do you try to value security at the bottom line?
By Dancho Danchev at his blog.
[ Read more ]