How KPMG tells us to rethink risk
I just came across an interesting quote from one of the people interviewed for KPMG's " eCrime Report 2011." This seems to give a good perspective on how some information security threats are perceived by the business world.
Here's what this person said:
"You can't go to the board and talk about a 'rare but expensive' event and hope to get budget. Because they will ask you 'how expensive?' If you can't quantify that in money then you are not speaking the language of business. If it's less than 10 million, it's a rounding error. That makes you rethink risk."