Here is a brief checklist on the cost assessment of a
Impact assessment
Your impact assessment should include the
following factors:
1. Will the breach impact your company's
2. Did the breach affect a contractual or legal
(regulatory) obligation?
3. Is the breach already public or do only we know?
4. Does the breach affect our customers directly?
5. Does the breach affect suppliers?
If all of your answers to these questions are No,
then there is no reason to worry. If you answered
Yesat least once, you need to examine this and put
a figure to it.
Cost structure
A breach’s cost is determined by the following
1. Direct cost through loss of revenue.
2. Direct cost by employee’s overtime to contain or
remediate the breach.
5: A Brief Checklist
3. Direct cost by using external services to
investigate or assist in remediation.
4. Penalties and fines.
5. Public relations cost to re-establish trust.
6. Legal cost through lawsuits brought against the
company or that the company needs to enter into
as plaintiff to defend its interests.
Major cost factors
The following are major cost factors:
1. Finding the root cause of the breach.
2. Externals hired to assist in breach resolution.
3. Loss of revenue.
4. Penalties and fines.
Sideline cost factors
The following are sideline cost factors:
1. Legal costs of assistance needed to refute a claim
or to bring a claim against a perpetrator to court.
2. Lost productivity due to having to deal with the
breach (for example, recreating customer records
because an employee went AWOL after
destroying all back-ups).
3. Lost productivity due to the length of time it
takes your company to fully recover.
5: A Brief Checklist
Penalties and fines
Examining the contractual penalties and regulatory
fines you might face can be very helpful to determine
a priori or a posteriori, if these are relevant cost
factors in any particular case.

Get The True Cost of Information Security Breaches: A Business Approach now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.