Lost Customer Information: What Does a Data Breach Cost Companies?, Ponemon Institute Survey sponsored by PGP Corporation, PDF. The Ponemon Institute’s benchmark study, sponsored by PGP Corporation, examines the costs incurred by 14 companies that experienced a data breach. Results were not hypothetical responses to possible situations; they represent cost estimates for activities resulting from data loss incidents.
Tangible ROI Through Secure Software Engineering, Soo Hoo K, Sudbury AW, & Jaquith AR, Secure Business Quarterly, 5 pp, Q2 2001, PDF. Securely engineering software to proactively fix problems has a concrete value. In this study of investments in security made during the design phase the authors show that ROI can be up to 21 percent.
The Economic Impact of Cyber Attacks, Cashell B, Jackson WD, Jickling M, & Baird W, Government and Finance Division, Congressional Research Service, The Library of Congress, document RL32331, 45 pp, 1 April 2004, PDF. This report surveys the state of knowledge on the cost of cyber-attacks and the economics of information security.
First, we summarize several studies that use stock market capitalization as a measure of the cost of cyber-attacks to victim firms.
Second, we present summaries of the existing empirical data on costs attributable to cyber-crime and computer worms and viruses.
Third, we analyze the reasons for the lack of statistical data.
Fourth, we examine the efforts of the insurance industry to develop policies that cover cyber-risk.
Finally, we consider cyber-attacks as macroeconomic events.
"If the numbers are boring, then you've got the wrong numbers" — Edward Tufte