The folks at the Economist (with some funding from Booz Allen Hamilton, clearly doing penance for bringing Snow into your Den) have introduced the CyberTab cyber crime cost calculator. And no, this isn’t an April Fool’s joke. The Economist is now chasing breaches and throwinging some cyber around. Maybe they will sponsor a drinking game at DEFCON or something.
It will calculate the costs of a specific cyber attack–based on your estimates of incident-response and business expenses and of lost sales and customers–and estimate your return on prevention.
Basically they built a pretty simple model (PDF) that gives you guidelines for estimating the cost of an attack. It’s pretty standard stuff, including items such as the cost of lost IP and customer data. They also provide a model to capture the direct costs of investigation and clean-up. You also try to assess the value of lost business – always a slippery slope.
You can submit data anonymously, and presumably over time (with some data collection), you should be able to benchmark your losses against other organizations. So you can brag to your buddies over beers that you lost more than they did. The data will also provide fodder for yet another research report to keep the security trade rags busy cranking out summary articles.
Kidding aside, I am a big fan of benchmarks, and data on the real costs of attacks can help substantiate all the stuff we security folks have been talking about for years.
Photo credit: “My platform is bigger than yours” originally uploaded by Alberto Garcia