Calculating the Cost of Security Risks for Your Clients

Solution providers are always trying to add value and substance to the case for why a prospect should sign up for their services. But calculating the cost of security-related incidents has been more akin to smoke and mirrors. Most potential clients can clearly see through a “guesstimate” when you are trying to sell them on your services.

But there is hope! There is a great tool put out by the Ponemon Institute and sponsored by Symantec that boils down the complex calculations needed to determine risk exposure into an easy-to-follow wizard. This is a great tool to add to the arsenal of solution providers. It can be found at:


The calculator takes you through 13 questions. The questions ask about the industry you are in (or your client's, in this case), your security policies and practices, what kind of information you store, your main security concerns, whether employees have access to sensitive data, whether devices are encrypted and how you protect them, the company size, its global footprint, where the company is located, how remote access is given, authentication measures, and so on. The questions are very simple and quick to answer. It shouldn’t take more than a few minutes. At the end of the calculator, you are given the following results:

  • Companies in your industry with your risk profile have a likelihood of experiencing a data breach in the next 12 months of  $___________
  • Your average cost per record is    $___________
  • Your average cost per breach is   $___________

Additionally, you can receive a customized report by filling in a few fields and your email address. A customized PDF file is then emailed to you with much greater detail than the 3 answers above. The report goes into each of the questions and explores the financial impact of the answers chosen. It is about 7 pages long.

Unfortunately, you cannot put your own branding on this report, but I think that having Symantec branding on it lends some weight to the claim that you are not making these numbers up. You could easily do a question-and-answer session right in front of your client to generate this report live, and then move to a productive discussion about how your managed security services can mitigate the calculated risk.

After you complete the questions, the website offers one more link that gives very basic, high-level solutions for some of the security gaps identified from the answers chosen.

If you are struggling to create a managed security offering, the Data Breach Risk Calculator is a great tool for showing your clients substantial, quantifiable risk.