The estimated cost to restore the database if it is entirely lost or corrupted is assessed as $1M, and the economic damage due to patients and doctors moving to other hospitals is estimated to be an additional $1M. Based on published information on cyberattacks in the health care industry, the estimated number of successful attacks based on exploitation of the vulnerability is four (4) per year, and each successful attack is estimated to cost the hospital 5% of the estimated total potential loss. Further assume that a commercial product has been identified that will reduce the loss from a breach by a factor of ten (10) to 0.5% of the total. What is the maximum annual total cost for this product to achieve a positive return on the investment to procure it (i.e., a positive Control Value)? Please add the steps to get the result.
Here, total estimated cost per year
= database recovery cost + economic damage
= $1,000,000 + $1,000,000 = $2,000,000
So, original actual loss incurred per year due to attacks
= total estimated cost per year * number of attacks per year * original percentage factor
= $2,000,000 * 4 * 0.05
= $400,000
Now, with the addition of the new commercial product, the actual losses incurred per year due to attacks become 1/10 of the original losses incurred per year due to attacks
= 0.1 * $400,000
= $40,000
For a positive return on investment, the total cost per year should not increase, i.e.
(new actual loss per year due to attacks) + (cost of commercial product per year) <= (original actual loss per year due to attacks)
=> $40,000 + (cost of commercial product per year) <= $400,000
=> (cost of commercial product per year) <= $360,000
Thus, the maximum beneficial annual cost of the commercial product
= $360,000
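The same calculation as an added Python example (not part of the original answer), using exact fractions so the dollar figures do not pick up floating-point error. It goes one step beyond the answer by recomputing the break-even product cost for other attack frequencies, since four per year is itself an estimate; all class, function and variable names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Scenario:
    total_potential_loss: Fraction  # recovery cost + economic damage, in dollars
    attacks_per_year: Fraction      # estimated successful attacks per year
    loss_fraction_before: Fraction  # share of the total lost per attack, no product
    loss_fraction_after: Fraction   # share of the total lost per attack, with product


def annual_loss(s, loss_fraction, attacks_per_year=None):
    """Expected yearly loss = total potential loss * share lost * attacks per year."""
    rate = s.attacks_per_year if attacks_per_year is None else Fraction(attacks_per_year)
    return s.total_potential_loss * loss_fraction * rate


def break_even_cost(s, attacks_per_year=None):
    """Annual product cost at which the yearly saving is exactly used up."""
    return (annual_loss(s, s.loss_fraction_before, attacks_per_year)
            - annual_loss(s, s.loss_fraction_after, attacks_per_year))


def control_value(s, annual_product_cost):
    """Yearly saving minus product cost: zero at break-even, positive below it."""
    return break_even_cost(s) - annual_product_cost


def sensitivity(s, rates):
    """Break-even cost for each alternative attack frequency in `rates`."""
    return {r: break_even_cost(s, r) for r in rates}


# Figures taken from the question: $1M + $1M, 4 attacks/year, 5% reduced to 0.5%.
HOSPITAL = Scenario(
    total_potential_loss=Fraction(1_000_000 + 1_000_000),
    attacks_per_year=Fraction(4),
    loss_fraction_before=Fraction("0.05"),
    loss_fraction_after=Fraction("0.005"),
)

if __name__ == "__main__":
    print("loss without product:", annual_loss(HOSPITAL, HOSPITAL.loss_fraction_before))
    print("loss with product:   ", annual_loss(HOSPITAL, HOSPITAL.loss_fraction_after))
    print("break-even cost:     ", break_even_cost(HOSPITAL))
    for rate, cost in sensitivity(HOSPITAL, [1, 2, 4, 6]).items():
        print(f"  {rate} attacks/year -> break-even ${int(cost):,}")
```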