Quantifying The Risk of a $650,000 Security Breach

by | Feb 17, 2014 | Empower Sales Conversations, Product Management, Quantify Customer Value

HomeBlogProduct ManagementQuantifying The Risk of a $650,000 Security Breach

By: Dr. Stephan Liozu and Timothy Summers

Measuring the value of intangible value drivers is hard. Not only do you have to find the appropriate formula, but you have to document expectancy and occurrences and then try to average them out.  You have to do some digging and ask the right experts. Additionally, you have to identify a formula, tools, and resources that best fit your organizational culture, personnel, timeline, and budget.
Let us take an example of such a driver and try to measure it. We all know that hackers can do damage to a firm’s IT systems and global reputation. The latest issues with two large retailers (Target and Neiman Marcus) show that both impacts are real and can be costly. To the point that Target was asked to testify in front of a Congressional committee. Target is now spending $100 million on the security of their infrastructure. Not small change. But the impact of the brand reputation is unmeasurable. Not to mention the 70 lawsuits being filed against them by aggravated customers.
Now imagine your company develops and markets solutions helping firms prevent security breaches and hackers’ activities. As such, your offering is not a software product but you are selling peace of mind and risk attenuation/mitigation solutions. The critical message of your value-based marketing story is to sell the value of avoiding such a security breach.  In the event that the risk in question is realized, your offering must lessen the impact to such a point that the hit is bearable and contained.
In order to sell the value of your offering, you have to be able to quantify the cost of a security breach. The a simple equation used throughout the security field is Risks = Threats x Vulnerabilities x Impact to measure risk. The best way that risk is explained here is by asking “how much pain can you take?” The next step is then to identify the potential cost of a security breach. For that, you have to search and search and then do some more searching. There are experts out there that can help. It happens that Kapersky Lab conducted such a research project and concluded that the cost of a security break is, on average, $649,000. Of course, it varies greatly by firm size and by industry. As a matter of fact, a small or medium enterprise would feel an impact of $50,000 should they be hacked. Large enterprises would be impacted more as you can imagine. Here is a quote from the survey report:
“In some cases the financial losses incurred by small companies are accompanied by other losses amounting to approximately 5% of annual revenues. In one case, a company lost all of its business in a region where it had been successful prior to the incident.”
Bottomline, during the selling process, the message moves from “we can protect your infrastructure with our software solution” to “we can avoid your company feeling the pain of a security breach that could cost you up to $650,000 and up to 5% of your sales.” It is a more dramatic story in your value-based marketing materials that will help you sell the features and benefits of your offering. So if you are a marketing or pricing professional in the service or software industry, you have to find the nuggets of information that will allow you to measure the value of your intangible drivers. It is a discipline of searching, uncovering, and interviewing until you find some data. Then you are able to craft a relevant and credible story that creates dramatic value messages: “Are you willing to take the risk of a $650,000 security breach?”
About the Authors:
Stephan Liozu is the Founder of Value Innoruption Advisors and specializes in disruptive approaches in innovation, pricing and value management.  He earned his PhD in Management from Case Western Reserve University and can be reached atsliozu@case.edu.
Timothy Summers is a strategic management and cybersecurity consultant and one of the world’s leading researchers in hacker cognitive psychology.  He is currently a PhD student at Case Western Reserve University and can be reached attimothy.summers@case.edu.

Blog Signup

Subscribe to the Value Strategies Blog today