Breach Insurance

An intriguing possibility is to use Data Breach Insurance as a way to measure organizational risk and prioritize security projects. Organizations do not normally think this way about IT risk, so some examples might help.

Suppose you wish to purchase a vehicle for your sixteen-year-old. She wants the latest Camaro with the large V8 engine. Your spouse suggests that the latest "Your Father's" Oldsmobile is exactly the same price and maybe "safer".

Your automobile insurance company can provide an objective and quantified measure of "safer". Suppose that you discover that the Camaro's insurance cost is three times that of the Oldsmobile. For the sake of the argument, let us assume you investigate the costs of repairs and discover they are the same for each model.

The difference in insurance cost between the models is the risk premium. The Camaro is three times less safe (from all possible losses) than the Oldsmobile.