Myth #16: Security risks can be quantified

In an ideal world this may be true, but the misconception arises because managers need to justify their expenses and tend to put a price tag on everything.

How much would it cost you if:

– your website gets hacked?

– your network gets infected?

– confidential data lands in the hands of hackers?

– user/customer information gets stolen?

It is easy to make guesses, but they are just wild guesses.

It is best to create a risk analysis and try to put tags on these risks, like:

Probability to happen: High/Medium/Low

Cost to repair: <can be money, time>

Impact: <can be quantified in downtime, in hours of work in which people can’t work, reputation loss, etc.>


This is much better than stating a simple amount of money. It actually shows the exact impact on the company.

All these and many more topics are in the free eBook "Improve your security" available here:

About the Author

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000, and until 2014 worked for Avira as Product Manager, where he was responsible for the known products used by over 100 million users worldwide. Serving the security needs of so many different users made him think that there are other ways to help users: teaching them about security.
