Calculating reasonable costs for cyber defense


After completing a cyber risk assessment, you come away with a list of recommendations. Some may cost little or nothing, while others could mean an investment that was not budgeted. How can you determine how much it is reasonable to spend to defend your organization?

Computing the cost of a risk can be challenging. For cyber risk, you need to include the costs of downtime, investigation (possibly including digital forensics), remediation to get back up and running, notifications and possible fines if data is exposed, and potential litigation. Fortunately, there are cyber breach risk calculators that help you put real numbers in place based on the type(s) and amount of sensitive data you maintain.

Next, determine the costs of prevention and protection. Some investments can be offset by other benefits. For example, adding 24/7/365 monitoring of your network may reduce the cost of your cyber insurance, or give you a competitive edge when targeting new clients who are concerned about cyber security and will only do business with vendors that have similar protections in place.

In the end, you should have a matrix of possible exposures and the costs to protect against each one. If the potential losses far outweigh the cost of avoidance, that makes the business case for a proactive approach. If the cost of avoidance is much higher than the potential losses, and you are not under a compliance mandate to take preventive measures, you may choose to accept the risk.
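The matrix described above, worked through in code as an added example (this is not code from the original post or from Foresite). The post does not say how to weight a loss by its likelihood or how to compare it with a control's cost, so the following are assumptions: expected annual loss is the annual likelihood of the incident times the sum of its loss components (downtime, investigation, remediation, notification/fines, litigation); a control's net annual cost is its cost minus offsets such as an insurance premium reduction, and the control removes some fraction of the likelihood; and "much higher" is read as more than twice the loss avoided. Every figure and likelihood in the sample is a constructed placeholder, not output from any breach-cost calculator.

```python
"""Cost-of-defense matrix: expected loss per exposure vs. net cost of a control.

Added illustration, not code from the original post or from Foresite.
Assumptions the post does not state:
  * expected annual loss = annual likelihood x (downtime + investigation +
    remediation + notification/fines + litigation);
  * a control's net annual cost = annual cost - offsets (e.g. an insurance
    premium reduction), and the control removes a fraction of the likelihood;
  * "much higher" means more than ACCEPT_RATIO times the loss avoided.
All dollar figures and likelihoods below are constructed placeholders.
"""
from dataclasses import dataclass

ACCEPT_RATIO = 2.0  # assumption: a control costing >2x the loss it avoids is "much higher"


@dataclass
class Exposure:
    name: str
    annual_likelihood: float           # chance the incident occurs in a given year
    downtime: float = 0.0
    investigation: float = 0.0         # including digital forensics
    remediation: float = 0.0
    notification_and_fines: float = 0.0
    litigation: float = 0.0
    compliance_mandated: bool = False  # a regulation requires preventive measures

    def loss_if_it_happens(self) -> float:
        return (self.downtime + self.investigation + self.remediation
                + self.notification_and_fines + self.litigation)

    def expected_annual_loss(self) -> float:
        return self.annual_likelihood * self.loss_if_it_happens()


@dataclass
class Control:
    name: str
    annual_cost: float
    offsets: float = 0.0               # e.g. cyber-insurance premium reduction
    likelihood_reduction: float = 0.0  # fraction of the likelihood removed, 0..1

    def net_annual_cost(self) -> float:
        return max(self.annual_cost - self.offsets, 0.0)


def evaluate(exposure: Exposure, control: Control) -> dict:
    """Return one matrix row with a recommendation for this exposure/control pair."""
    avoided = exposure.expected_annual_loss() * control.likelihood_reduction
    cost = control.net_annual_cost()
    if exposure.compliance_mandated:
        decision = "mitigate (compliance mandate)"   # accepting the risk is not an option
    elif avoided >= cost:
        decision = "mitigate (pays for itself)"
    elif cost > ACCEPT_RATIO * avoided:
        decision = "accept risk"
    else:
        decision = "judgment call"
    return {
        "exposure": exposure.name,
        "control": control.name,
        "expected_annual_loss": exposure.expected_annual_loss(),
        "avoided_loss": avoided,
        "net_control_cost": cost,
        "decision": decision,
    }


def build_matrix(pairs) -> list:
    """Evaluate a list of (Exposure, Control) pairs into matrix rows."""
    return [evaluate(e, c) for e, c in pairs]


def sample_matrix() -> list:
    """Constructed sample pairs, one for each outcome of the decision rule."""
    pairs = [
        (Exposure("ransomware outage", 0.20, downtime=150_000, investigation=40_000,
                  remediation=60_000),
         Control("24/7 monitoring + EDR", 90_000, offsets=15_000, likelihood_reduction=0.8)),
        (Exposure("customer PII breach", 0.10, investigation=50_000, remediation=30_000,
                  notification_and_fines=400_000, litigation=200_000,
                  compliance_mandated=True),
         Control("encryption at rest + DLP", 50_000, likelihood_reduction=0.5)),
        (Exposure("website defacement", 0.30, downtime=5_000, remediation=3_000),
         Control("managed WAF", 12_000, likelihood_reduction=0.7)),
        (Exposure("phishing-led wire fraud", 0.40, investigation=10_000, remediation=20_000),
         Control("MFA + awareness training", 6_000, likelihood_reduction=0.7)),
    ]
    return build_matrix(pairs)


if __name__ == "__main__":
    for row in sample_matrix():
        print(f"{row['exposure']:<26} EAL ${row['expected_annual_loss']:>9,.0f}  "
              f"avoided ${row['avoided_loss']:>9,.0f}  "
              f"control ${row['net_control_cost']:>9,.0f}  -> {row['decision']}")
```

Run it and the four sample rows land on the four outcomes: the PII breach is mitigated regardless of cost because of the mandate, the phishing control pays for itself, the WAF costs several times the defacement loss it avoids and is accepted, and the monitoring investment sits between the two thresholds and stays a judgment call, which is exactly where insurance offsets and client requirements tip the decision.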

To view our webinar on the types of risks and associated costs of a cyber incident, as well as examples of making the business case, visit: http://bit.ly/1fchy7U

Foresite admin