Melissa Hathaway, author of the 60-day White House cybersecurity review and former acting senior director for cyberspace at the National Security Council, is promoting the American National Standards Institute and the Internet Security Alliance’s 76-page report “The Financial Management of Cyber Risk.”
She writes, “This excellent guide for the C-suite puts forth the right questions to help organizations be proactive in managing their risk and exposure that is derived from their digital dependence.”
The report estimates that a data breach of 10,000 records of personal information would cost an organization about $1.6 million directly, and that’s assuming 80 percent coverage of direct costs through breach insurance. Direct expenses include investigations and forensics, consulting services, victim notification, public relations, legal defense, and credit and identity monitoring. A significant indirect cost is lost business. The report cites several cost models as a basis for its findings.
Organizations should learn to view data security as a business imperative as opposed to a responsibility, according to the report, and view data theft as theft, not a security breach. The report says that organizations should assemble a cyber risk team that meets in person, as face-to-face interactions prevent the confusion arising from separate business units speaking in jargon.