Currently Being Moderated

Symantec and the Ponemon Institute have published a new 2011 report on the cost of data breaches.  The most interesting part from my perspective was the online risk calculator:

Playing with the calculator, I found it was not really geared towards companies like ours – the kinds of data were limited to certain types that don't fit our industry.  However I went ahead anyway and selected what I thought were reasonable inputs and it came out with the following:


Are these numbers reasonable?  Perhaps.  However I feel the precision is misleading.  Providing a likelihood of 9.7%, a cost per breach down to the last dollar, seems a bit like saying there is a 3.8% chance of an earthquake in the next year.  It would be more useful to understand how many significant digits there are in that figure, or perhaps a 25%-75% confidence interval with a median.  After all, if the cost is absolutely enormous for a small number of companies, that could easily skew the average.

That said, interesting stuff, though when I have time I'd like to understand the methodology better.