We now know that no organization is immune to data breaches. Many breaches have major, sometimes potentially catastrophic, consequences. There have been many widely discussed data breaches involving major commercial, military, government as well as political organizations in recent years.  The published reports suggest widely different estimates of the breach costs. The different estimation methods lead to considerable confusion and disagreements in this field. The confusion often arises from experts often looking at only some of the attributes of the problem, and making assumptions that may be grossly inaccurate. There has been almost no formal research on this topic.

The presentation will discuss an effort to develop a systematic estimation model, based on a consolidation of what is known and has been proposed, which will assist in a reliable determination of the quantitative estimates. It will also allow identification of issues that need investigation. An open modeling approaches resulting from this research will allow refinements of approaches as further data becomes available.