Estimating costs of security breaches

Until now, estimating costs for infrastructure security breaches has been more magic than science, according to Bill Spernow, research director of information security strategies at Gartner Group in Stamford, Conn. After collaborating with some of the top information security minds in the industry, Spernow has developed a four-part model for estimating these losses. The model looks at how a security incident affects the IT enterprise, IT staffing, profit and new clients who are denied access.

For example, you can put a price tag on the impact on the technological enterprise by taking the annual IT budget plus the average uptime and dividing by the percentage of affected systems and the number of hours network resources were unavailable. Spernow's commentary, "Estimating Losses from an Infrastructure Compromise: A Generic Model for IT Security Staff," is still in development but should be available within two weeks at The report is free of charge to Gartner clients; nonclients may purchase it.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about GartnerGartner

Show Comments