6

When someone says "why do we need to spend so much money and effort on security, we need to focus on market share first and once someone finds a problem we will fix it", I would like to have a list of security breaches which involved severe financial or reputation loss - measured in dollars rather than bits and bytes - to help me argue the case for security.

Can you provide actual values, or accepted calculations on losses from security breaches?

frankodwyer
  • 2
    @Secure: this looks like a request to Google a link for you. Please find the article for yourself: if it presents interesting or confusing points, you're welcome to ask questions about them here :) –  Apr 23 '11 at 20:15
  • 4
    @Graham - the obligatory reference: http://slash7.com/2006/12/22/vampires/ – Rory Alsop Apr 23 '11 at 20:21
  • @Graham - 1. It is possible to find an answer to any question with google, why do we need this forum then? 2. In many cases google provides results of search optimization or search text is difficult to define 3. I did not expect to see that 'google it yourself' approach on stackexchange –  Apr 23 '11 at 20:36
  • 4
    @secure from http://security.stackexchange.com/questions/how-to-ask "Have you thoroughly searched for an answer before asking your question? Sharing your research helps everyone. Tell us what you found and why it didn’t meet your needs. This demonstrates that you’ve taken the time to try to help yourself, it saves us from reiterating obvious answers, and most of all it helps you get a more specific and relevant answer!" –  Apr 23 '11 at 21:01
  • maybe a bit harsh to close this. drop the last two sentences and it's an OK q, no? – frankodwyer Apr 24 '11 at 20:28
  • 4
    Have updated the question to hopefully make it more applicable, and reopened – Rory Alsop Apr 24 '11 at 20:38
  • 2
    The request for someone to do the google search for you for a specific article you remember is offtopic. But Rory's rewrite gets to the heart of how SE can help add value - so thanks for getting the ball rolling! – nealmcb Apr 24 '11 at 20:47

3 Answers

5

The return on investment for security measures is really hard to show. Companies that were compromised by NIMDA or CodeRed had their losses published. Here is a good discussion about it: Schneier on Security: Security ROI

nealmcb
VP.
5

Is a 24 billion dollar loss enough? (even if I personally find the $314 loss per account number hard to justify)

PlayStation Network Breach Could Cost Sony $24 Billion

This very public case has the merit of really putting the problem out in the spotlight.

Bruno Rohée
2

It looks like the Sony case has cost them $171 million plus a few extra bits and pieces, such as hiring a CSO (finally)

The breach at RSA cost RSA $66 million - admittedly this one has also cost Lockheed and others, but those are more indirect.

Rory Alsop