Thought Leadership

Measuring the Organizational Cost of Loss in Security

Is there an industry average for organizational cost of loss due to security incidents like fraud? Read the results from our joint research with the  SEC.

June 22, 2022

What is the industry average for organizational cost of loss due to security incidents? How are we measuring events like fraud and corporate security incidents like armed robbery?

At Resolver, we can get pretty passionate about measuring and demonstrating security team value. When your leadership can’t quantify your efforts, securing  the security budgets  needed to serve overall business objectives is tougher.

(More on the metrics that matter in Corporate Security here.)

We recently partnered with the  Security Executive Council’s  (SEC)  Security Leadership Research Institute  (SLRI) to conduct a survey investigating the organizational cost of loss. The goal of the initiative was to collect enough data to find an industry average for cost of loss that includes fraud and other types of events such as:

  • armed robbery,
  • assault,
  • abuse,
  • product contamination/tampering,
  • and theft.

While the  Association of Certified Fraud Examiners  tracks cost of loss for occupational fraud, there is currently no public research that includes fraud and other loss categories. Yet, we hear from security professionals daily about the need to articulate security metrics to leadership.  

This is disappointing, says Bob Hayes, Managing Director of the SEC. “The security industry lacks the ability to quantify the business impact and results of risk mitigation. One of the SEC’s initiatives is to establish a common language and common measurements to support the security industry. Until we get behind this, we are subject to senior management’s interpretation and definition of the scope of the problem of loss.”

Unfortunately, low participation hampered the SLRI’s ability to find a reliable, representative average. Some of the most detailed questions were answered by only 24% of respondents. It is possible that security leaders didn’t feel comfortable sharing the data the survey requested.

Though the survey couldn’t provide the average cost of security-related loss as designed, it still offered some fascinating insight into how loss value calculation is being conducted. Download the free report now to read our findings.