Skip to main content

incent-for-the-averages-insure-against-the

(0 comments)

One the comments on Emergent Chaos about my post Incentive plan for an information security team was from Andrew Jaquith of the Yankee Group:

The fallacy of this whole argument is that "average" losses cannot be applied to any particular incident. Losses are dominated by outliers. ALE is information security's spherical cow.
I equated this to not saving for retirement because you might win the lottery. It occurred to me after reading Dark Day Planning: Insuring Against Data Loss that the real answer for Low Probability, High Impact events is insurance. I was even able to dig up some costs for the insurance in this Chronicle of Higher Education article (subscription required, but still in Google Cache:
Brokers say the price of cybercoverage depends on the size of a college's student body. Mr. Hallstrom estimates that a college with 20,000 students can get $3-million of cyberinsurance for about $50,000 a year.
That seems like a pretty good deal to me.

 

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom