Many factors must be considered to calculate more accurately the risk your company could face from a data breach. These factors include your industry’s overall risk profile, the size of your organization, and, most importantly, your company’s preparation to mitigate such a breach. For security practitioners, the principle of “Security by Design” is an essential property we try to instill in all of our IT endeavors. This simple principle implies that an investment made during the design phase is more cost-effective than expenditures made after the fact. In the event of a breach, this principle certainly holds true, but how true is the question we must attempt to answer.
To help answer this question, TokenEx has developed the TokenEx Risk Calculator. The TokenEx Risk Calculator is based on various public sources for costs associated with data breaches (Ponemon’s 2015 Cost of Data Breach Study: Global Analysis). It takes a unique approach to calculating a likelihood given a specific industry, the likelihood of a breach, the associated costs, and, most importantly, your organization’s preparation to prevent such a breach.
To evaluate your organization’s current security investment, TokenEx evaluates the maturity of critical control areas as defined within the Framework for Improving Critical Infrastructure Security by the National Institute of Standards and Technology (NIST), more commonly referred to as the Cybersecurity Framework (NIST CSF). The NIST CSF defines the Framework Core as a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization, from the executive level to the implementation/operations level.