What is the industry average for organizational cost of loss due to security incidents? How are we measuring events like fraud and corporate security incidents like armed robbery?
At Resolver, we can get pretty passionate about measuring and demonstrating security team value. When your leadership can’t quantify your efforts, it is tougher to obtain the security budgets needed to serve overall business objectives.
We recently partnered with the Security Executive Council’s (SEC) Security Leadership Research Institute (SLRI) to conduct a survey investigating the organizational cost of loss. The goal of the initiative was to collect enough data to find an industry average for cost of loss that includes fraud and other types of events such as:
While the Association of Certified Fraud Examiners tracks cost of loss for occupational fraud, there is currently no public research that includes fraud and other loss categories. Yet, we hear from security professionals daily about the need to articulate security metrics to leadership.
This is disappointing, says Bob Hayes, Managing Director of the SEC. “The security industry lacks the ability to quantify the business impact and results of risk mitigation. One of the SEC’s initiatives is to establish a common language and common measurements to support the security industry. Until we get behind this, we are subject to senior management’s interpretation and definition of the scope of the problem of loss.”
Unfortunately, low participation hampered the SLRI’s ability to find a reliable, representative average. Some of the most detailed questions were answered by only 24% of respondents. It is possible that security leaders didn’t feel comfortable sharing the data the survey requested.
Though the survey couldn’t provide the average cost of security-related loss as designed, it still offered some fascinating insight into how loss value calculation is being conducted. Download the free report now to read our findings.