Many factors must be considered in order to accurately calculate the risk your company could face from a data breach. These factors include your industry’s overall risk profile, the size of your organization, and, most importantly, your company’s preparation to mitigate such a breach. As security practitioners, we work from the principle of “Security by Design” in all of our IT endeavors. This principle states that an investment made during the design phase is more cost-effective than the expenditures incurred after the fact. In the event of a breach, this principle certainly holds true, but how true? That is the question all information security practitioners must face on a daily basis.
To help you answer this question within your own context, TokenEx has developed the TokenEx Risk Calculator. The TokenEx Risk Calculator is based on various public sources for costs associated with data breaches (Ponemon’s 2017 Cost of Data Breach Study: Global Analysis). Additionally, the TokenEx Risk Calculator takes a unique approach to calculating a likelihood given a specific industry, the likelihood of a breach, associated costs, and, most importantly, your organization’s preparedness to prevent such a breach.
In order to evaluate your organization’s current security investment, TokenEx evaluates the maturity of critical control areas as defined within the Framework for Improving Critical Infrastructure Security by the National Institute of Standards and Technology (NIST), more commonly referred to as the Cybersecurity Framework (NIST CSF). The NIST CSF defines the Framework Core as a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level.