A consolidated approach for estimation of data security breach costs

Abstract

Many security breaches have been reported in the past few years impacting both large and small organizations. There has often been considerable disagreement about the overall cost of such breaches. No significant formal studies have yet addressed this issue, though some proprietary approaches exist. A few computational models for evaluating partial data breach costs have been implemented, but these approaches have not been formally compared and have not been systematically optimized. There is a need to develop a more complete and formal model that will minimize redundancy among the factors considered and will confirm with the available data regarding the costs of data breaches. Existing approaches also need to be validated using the data for some of the well documented breaches. It is noted that the existing models yield widely different estimates. The reasons for this variation are examined, and the need for better models is identified.