Incident Response

Incident Response Estimation and Preparedness

Here’s how we use Thrivaca for Incident Response (IR) Estimation and Preparedness. When we think about IR, we need to tie the CSIRP and our preparedness exercises to the real-world economic impacts: brand and reputation, and hard costs such as notification expense, credit monitoring service expense, and associated costs.

Recognizing how difficult it is to get an accurate rendering of the costs associated with an IR scenario, Arx Nimbus has gathered case studies from a diverse set of sources, including published papers on the residual effects of a wide variety of cyber-attacks and the resulting losses, and very thorough research from Wall Street analysts on the effects of major breaches.

So, let’s look at the valuation of the PII Breach risk scenario. As you’d expect, this is the highest-impact risk area by far for most organizations.

[Figure: risk category distribution]

The risk impact self-insurance cost shown here is a function of:

a.) the number of sensitive records in the company’s possession

b.) an aggregate self-insurance cost based on published-source trends of total economic impact in recent breaches.

Now, we can look at the related capability components contributing to these projected IR costs.

[Figure: IR components]

As you can see, we now have a prioritization of the IR capabilities, and a few non-IR capabilities, that are driving the incident response costs associated with the large PII breach scenario. We can also draw out how much of our PII risk, represented by this specific self-insurance cost, and of the associated IR costs relates back to each of these capabilities.

[Figure: PII Solutions]

As you can see in this example, we now have the information necessary to start prioritizing our IR preparedness efforts and to begin driving down the self-insurance cost attributable to IR in the typical large-scale PII breach response, all based on actual real-world parameters from known and recent breaches, adjusted for the financials and cyber capabilities of your specific enterprise.
