What’s your financial risk?
Besides the obvious reputational risk, the loss or theft of sensitive data also has negative financial consequences for organizations, including: expenses that can exceed $130 for each customer; additional expenses that can exceed $100 per record; per-share price declines that can exceed 10 percent; revenue declines that can exceed 9 percent; and customer losses that can exceed 9 percent.
However, the likelihood of experiencing these financial losses depends on the probability of experiencing the event: for some this may be once per year or less, while for others it could be once every 50 years, or more. Annualizing the loss provides insight into the expected annual financial impact from the loss or theft of sensitive data (Figure 1).
Figure 1: Expected financial loss, annualized

Source: IT Policy Compliance Group, 2007
Guidance recommendations
The financial consequences of data loss and theft include additional expenses from litigation settlements, lowered profits, declines in market capitalization, shareholder dissatisfaction, customer defections and revenue declines.
The IT PCG benchmarks show that organizations with frequent controls assessment are delaying, mitigating and avoiding harm to the brand, delaying and reducing financial consequences from data loss and theft, and saving hard-earned profits to sustain competitive advantage.
Financial sense dictates:
· Increasing the rate at which procedural and technical controls are assessed
· Ensuring that controls are risk-relevant and can be measured
© IT Policy Compliance Group, 2007