September 29, 2017 |

F-Secure helps organisations predict the actual cost of a breach

New service quantifies breach impact in real numbers before it happens, empowering decision makers to invest in the right security controls. Buckinghamshire, UK – 13th September 2017: What’s the cost of a data breach? Depending on who you ask, anywhere from $200,000 to $3.6 million* and higher. Such averages, while useful in tracking trends, are […]

New service quantifies breach impact in real numbers before it happens, empowering decision makers to invest in the right security controls.

Buckinghamshire, UK – 13th September 2017: What’s the cost of a data breach? Depending on who you ask, anywhere from $200,000 to $3.6 million* and higher. Such averages, while useful in tracking trends, are meaningless when it comes to predicting actual breach impact to a specific company. To help companies predict and manage their risk, F-Secure has introduced Cyber Breach Impact Quantification (CBIQ), a new service that quantifies the cost of cyber breach impact to an organisation.

Client data from F-Secure risk management assessments suggests most large organisations are ill-prepared to handle breaches: While half (50%) have a crisis management team that’s prepared for physical disasters or business disruptions, only a fifth (20%) have a crisis management team capable of effectively leading a cyber crisis. Sixty-five per cent of companies have never run a crisis management exercise to rehearse a cyber incident. Quantifying the cost of a potential breach can help spur organisations to take action to become more prepared and resilient.

“Companies think it’s too difficult to quantify cyber risks so they invest millions in all sorts of controls, just to be on the safe side,” says Marko Buuri, principal risk management consultant at F-Secure. “But they may be investing in the wrong places, and when the actual breach happens, they’re caught off-guard. CBIQ removes that ambiguity, so they know the right level of security investment they’ll need to protect their core assets.”

Predicting breach cost before it happens lets decision makers know how much is actually at stake, enabling them to make informed cyber risk decisions. It empowers them to focus cyber investments in the right places, provides justification for security spending, and informs decisions related to cyber insurance. It also improves the quality of risk reporting, bringing results down to hard numbers.

Expert knowledge + purpose-built simulator tool = Defendable results

When performing a CBIQ assessment, F-Secure consultants workshop with and interview knowledgeable people in the organisation to analyse operational activities. They factor in multiple loss forms associated with breaches, such as costs of forensic investigations, service restoration, legal response, communication activities and business interruption.

Consultants feed these costs into F-Secure’s unique purpose-built simulator tool, which calculates the most likely outcomes and determines the mean and standard deviations in real time. Developed based on years of firsthand expertise investigating and helping organisations recover from real-world cyber breaches, the tool provides quick, cost-effective results and visually clear, understandable reports. The final CBIQ outcome is a risk report based on an organisation’s own cost structure and expected losses.

Buuri says the CBIQ approach differs from usual methods of representing risk in categories such as high, medium or low that are produced by general tools such as Excel. “Where other risk assessments show vague, debatable results, we show definitive numbers based on transparent, justifiable input. Why settle for guesstimates when you can produce a defendable view of the risk?”

CBIQ is a part of F-Secure’s complete risk management service portfolio. Services include Incident Response Maturity Assessments which offer a comprehensive view of the maturity level of a company’s key cyber resilience capabilities, as well as risk process development, crisis management exercises, risk modelling, workshop facilitation and training.

*Rand Corp. estimates the average cost of a data breach is $200,000 The Ponemon Institute estimates the average cost at $3.6 million


More Information

F-Secure Risk and Security Management Advisory Services




About F-Secure

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.


Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd. |


F-Secure media relations


Rebecca Kiely

+44 7720 677032



Latest Events
Press Archives
Select Year

Latest Press Releases

March 15, 2018

F-Secure’s Aviation Cyber Security Services Takes Off

F-Secure’s new service combines expertise in aviation and cyber security to help aviation companies protect their most critical assets. Buckinghamshire, UK – March 15, 2018: Trust is everything in the aviation industry. And a successful cyber attack – even a minor one against something like an in-flight entertainment system – could undermine confidence in airlines […]

February 28, 2018

F-Secure Introduces Unique Partner-Driven Service to Stop Targeted Cyber Attacks Globally

Channel partners have immense new service opportunities to protect their customers from rising numbers of targeted and fileless attacks with a leading-edge managed endpoint detection and response service. Buckinghamshire, UK – February 28, 2018: Businesses globally are being compromised by an onslaught of targeted and fileless cyber attacks, and industry-leading cyber security vendor F-Secure is […]

February 22, 2018

Incident Detection, Email Attacks Continue to Cause Headaches for Companies

F-Secure’s new Incident Response Report points to email inboxes as the weakest link in security perimeters, and finds that companies struggle with quickly and accurately detecting security incidents. Buckinghamshire, UK – February 22, 2018: Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new […]

February 14, 2018

F-Secure appoints Beta Distribution as a UK distributor of security solutions for corporate resellers

Buckinghamshire, UK – 14th February 2018: Global cyber security company F-Secure today announces the appointment of Beta Distribution as a UK distributor for corporate resellers. Beta Distribution, Headquartered in London and with offices throughout the UK, is a specialist product, services and solutions IT distributor which serves over 3,000 resellers across the UK, including over […]

%d bloggers like this: