For many companies that understand the risk of a breach of confidential information, the ability to quantify the risk can be elusive. Justifying the cost of implementing controls is difficult if the C-suite can’t be convinced of a problem, and the “C’s” are unlikely to understand arguments that don’t come with some dollars attached. The “risk” seems too nebulous, and is easily dismissed as something that could happen but is more likely to happen to the other guy. As soon as dollars come into the picture, however, they have a magical way of focusing the attention where it should be – the bottom line.
In a recent Ponemon Institute study, 79 percent of C-level US and UK executives surveyed say executive-level involvement is necessary to achieving an effective incident response to a data breach, and 70 percent believe board-level oversight is critical.
You have IT folks to handle security, right? Well, most IT departments think in terms of putting big strong walls around data and making it very hard for anything to get in or out that isn’t supposed to.
What might not be controlled is confidential or private data and information in documents (content) that are shared via email, synced to cloud sharing applications and mobile devices, and passed along all manner of other pathways. This data/information is extremely promiscuous in that, well, it “gets around”. There are apps that can read and map local network configurations, create porous membranes, allow access to devices where data can be read, or open “vulnerability pathways” into what you might think are locked-down networks.
That’s not even getting started with permissions-based loss. Documents, data and content can be (and often are) leaked by folks who have the passwords and correct access and who share documents by mistake, in ignorance of the governance policy controlling that document, or maliciously. These common and pernicious “insider” risks can be easily overlooked when calculating costs and risks.
The 2015 Cost of Data Breach Study: Global Analysis reported that the average cost for each lost or stolen record was $154 and that the average cost of an incident is $3.79 million. Can your company absorb $3.79 million in losses? Plus, this may not even include legal costs.
A quick “guesstimate”:
(Adjust these figures based on your own revenues and estimates. The above is just a rough guideline meant to stimulate your thinking and isn’t meant to be 100% accurate.)
Exercise: Estimate your potential costs in each of these areas
Assume a small, medium, or large incident involving your most valuable or sensitive documents. What would even a 10% loss of revenue mean? How much risk is your organization willing to assume in light of the potential top-to-bottom-line cost estimates? Use our Data Breach Calculator to help you estimate these costs.
Do you know your risk? Find out how your company scores on our 1 Minute Risk Grader.