Final Report: Pan-European Cyber Security Exercise 32
Orome1 writes "The EU's cyber security agency, ENISA, has issued its final report (PDF) on the first Pan-European cyber security exercise for public bodies, Cyber Europe 2010. The exercise was conducted on the 4th of November, 2010. Its objective was to trigger communication and collaboration between countries in the event of large-scale cyber-attacks. Over 70 experts from the participating public bodies worked together to counter over 300 simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross-border cooperation to avoid a (simulated) total network crash."
Re:Cost figures (Score:4, Insightful)
That's a good question, and one suspects the answer is that they ask security consultants and companies, who have a stake in hyping up these costs, to pull figures out of the air. Googling gives for example this article [telegraph.co.uk], quote
"In order to figure out the financial losses businesses incurred during 2009, Symantec asked companies to look at a range of factors which negatively impacted them as a result of cyber crime – such as lost revenue, loss of customer relationships and damage to their firm’s brand. This came out at a mean average of £1.2 million per company. "
Putting a dollar value on "loss of customer relationships", "damage to the firms brand" etc is not even guesswork, it really is just pick-a-number. If the firm wasn't lax in it's security, there shouldn't be any significant damage to the brand. Losses directly due to downtime could be established meaningfully, but overall I think the figures are pretty much as meaningless as the figures the record companies come up with for losses due to piracy.
Re:Cost figures (Score:4, Insightful)