Melissa Hathaway on Quantifying the Value of Cybersecurity

Melissa Hathaway
Melissa Hathaway

Melissa Hathaway, author of the 60-day White House cybersecurity review and former acting senior director for cyberspace at the National Security Council, is promoting the American National Standards Institute and the Internet Security Alliance’s 76-page report “The Financial Management of Cyber Risk.”

She writes, “This excellent guide for the C-suite puts forth the right questions to help organizations be proactive in managing their risk and exposure that is derived from their digital dependence.”

The report estimates that a data breach of 10,000 records of personal information would cost an organization about $1.6 million directly, and that’s assuming 80 percent coverage of direct costs through breach insurance.  Direct expenses include investigations and forensics, consulting services, victim notification, public relations, legal defense and credit and identity monitoring, but a significant indirect cost is lost business.  The report cites several cost models as a basis for its findings.

Organizations should learn to view data security as a business imperative as opposed to a responsibility, according to the report, and view data theft as theft, not a security breach. The report says that organizations should assemble a cyber risk team that meets in person, as face-to-face interactions prevent the confusion arising from separate business units speaking in jargon.

You may also be interested in...

Red Hat’s David Egts: Open-Source Training, ‘Sense of Mission’ Could Help Agencies Address Cyber Skills Gap

David Egts, chief technologist for Red Hat’s North American public sector, has said there are several options …

HHS, Industry Aim to Help Health Organizations Mitigate Cyber Threats With New Publication

The Department of Health and Human Services has released a four-volume document that outlines 10 …

Cloud-Based Identity Tools, Mobile Device-Based Authentication Among Cyber Market Trends to Watch in 2019

Some of the trends in the cybersecurity market to watch in 2019 include the availability …