CyberSecurityTips #11: What is a Business Impact Analysis and why is it important?

A business impact analysis (BIA) maps your risks to your assets and to a monetary or reputational hit (usually monetary, as reputation is hard to measure). This helps you prioritise your controls and the risks to the organization. A BIA usually follows a risk assessment and is done in collaboration with the various business unit owners.

An example would be the risk of “website unavailable”. For an e-commerce company that is very easy to quantify, as you should know how many sales are done on average in an hour, say $30,000. This is the impact of having the website unavailable for one hour. We can also estimate the occurrence of such an event, say twice a year, and that brings the total impact to $60,000. We can now choose a control that would cost less than $60,000 to put in place.