Steps to Take to Evaluate Cyber Risk: Part 2 – Quantify Risk

If your customers’ credit card information is stolen, do you know how much that will cost you? (Photo: iStock)

Property Casualty 360 walks us through a six-step list you can follow to evaluate cyber risk and prepare your organization. Here is step two.

2. Quantify risk

With guidance from key department personnel and IT, seek to develop two to three data breach scenarios that could affect your organization. The goal is to quantify the potential financial impact.

  • Leverage any IT security assessments that have been performed in the past, such as penetration testing or white-hat modeling.
  • Consider the costs in the following categories: computer forensics, crisis management, notification costs, credit monitoring, data restoration, defense costs, fines and penalties, and business interruption.
  • Use this assessment as an opportunity to line up potential vendors to assist with a breach by seeking cost estimates for the response to your scenario. For example, if you have a breach affecting 150,000 records of credit card numbers from customers living across 12 states, your attorneys should be able to provide a fee estimate of the legal and notification costs.

After you’ve developed scenarios and response cost estimates, your company can develop a strategy to address the risk and better quantify the potential benefits of Cyber coverage.

 

BY MATT HANSON, DREW OLSON

Related: Step 1 Assess IT Security
