Skip to main content

incent-for-the-averages-insure-against-the

One the comments on Emergent Chaos about my post Incentive plan for an information security team was from Andrew Jaquith of the Yankee Group:

The fallacy of this whole argument is that "average" losses cannot be applied to any particular incident. Losses are dominated by outliers. ALE is information security's spherical cow.
I equated this to not saving for retirement because you might win the lottery. It occurred to me after reading Dark Day Planning: Insuring Against Data Loss that the real answer for Low Probability, High Impact events is insurance. I was even able to dig up some costs for the insurance in this Chronicle of Higher Education article (subscription required, but still in Google Cache:
Brokers say the price of cybercoverage depends on the size of a college's student body. Mr. Hallstrom estimates that a college with 20,000 students can get $3-million of cyberinsurance for about $50,000 a year.
That seems like a pretty good deal to me.

 

Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom