alexlukin - Fotolia

Get started Bring yourself up to speed with our introductory content.

Estimate the cost of a data breach with CyberTab

The CyberTab tool aims to help enterprises estimate the cost of a data breach, as well as estimate the cost of resources to prevent future breaches.

What do you think about the new CyberTab tool from The Economist that helps calculate the cost of a data breach? What's the best way to use it to support an enterprise security program, specifically to leverage the estimates for more resources prior to a breach?

The CyberTab tool, which was created by The Economist's Intelligence Unit and is sponsored by Booz Allen Hamilton, is a free tool that aims to help infosec executives understand the cost implications of a data breach. CyberTab has some similarities to the Verizon Data Breach Investigations Report and VERIS, as both are built off of information security incident data sharing.

Estimating the cost of a data breach event is one of the easiest ways to demonstrate the lower bound of the cost of information security in an enterprise. There are many subcomponents of the costs of an incident, and the CyberTab tool walks users through calculating these costs, which are broken down into details of the attack and company demographics, as well as business costs, lost business and estimating the costs of security controls to prevent future attacks.

CyberTab can be used to support an enterprise security program in several different ways. The first step is to understand the current information security costs and try to identify the unidentified costs. This can be done by comparing the CyberTab worksheet to the methodology used in your enterprise for tracking the costs of an incident. Estimates using the planning mode can be used along with historical incident data to forecast the costs of information security incidents that could happen in the future.

The CyberTab tool can also be used to estimate the costs of publically known incidents if they happened at your organization to help estimate how much should be spent to prevent a similar incident, or to make the case to leverage additional security resources to prevent incidents in the first place.

Also, as more enterprises use the tool, Booz Allen Hamilton is able to collect more data to improve the tool in the future. If your enterprise doesn't already have a tool for estimating the cost incurred from an information security incident, CyberTab could be used during incident response exercises, which will help your organization estimate if additional resources should be devoted to protecting its assets. The tool could also be used after an incident to estimate costs for the same reason. CyberTab could even be used while responding to an incident to identify if more drastic action needs to be taken to stop an attack (such as disconnecting a production system from the Internet or even turning systems off if the costs are too high).

Ask the Expert!
Have a question about enterprise threats? Send it via email today! (All questions are anonymous.)

This was last published in September 2014

Dig Deeper on Data security breaches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.