Ask the Expert

Cost of a hacking incident

I have not seen anything but gross estimates and would like to see an article on the real costs of a hacking incident. Specifically, I have seen estimates on the manpower to clean and reinstall, restore a database and worker downtime, but what does Yahoo, or ebay or other bank/financial/health institutions have to say about loss of reputation? How many customers didn't come back because of news of lost credit card numbers? How many trading partners went elsewhere? How many auction bidders stopped bidding? Is there any hard research, post incident (obviously made public) about a company's performance and the cost to reputation, cost of fines, cost of lost business, cost of replacing credit cards, etc.?

    Requires Free Membership to View

This is an EXCELLENT question. Sadly, there just isn't an answer. I have never seen a real study done on this, and I have looked repeatedly over the years. I think the data is so hard to come by because companies don't want to collect it. First, the data is tough to get, because you'd have to interview customers, a costly process. Also, just collecting the data may taint the data, in a Heisenberg Uncertainty Principle sort of way. Think about it: Who wants to interview a customer about security breach attitudes when the interview itself might remind the customer that he or she doesn't want to do business with you? Also, and perhaps most importantly, if it's a major loss, public companies are required to report it to regulators and share holders. That's not a good thing for management to be held responsible for. So, by not quantifying the real costs, everyone on the inside is far happier. Sad, but true. For more information on calculating damages (except the reputational impact you discuss), check out Dave Dittrich's paper.

For more information on this topic, visit these other resources:
Ask the Expert: Gaining management support for security
Executive Security Briefing: Selling security to upper management
Best Web Links: Security Management

This was first published in December 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: