* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/)
* A Few Thoughts on Krebs' ...

# A Few Thoughts on Krebs' View of What Business Leaders Should Know About the Value of Hacked Companies

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2016%2F07%2Fa-few-thoughts-on-krebs-view-of-what-business-leaders-should-know-about-the-value-of-hacked-companies%2F)  
[](https://twitter.com/share?text=A+Few+Thoughts+on+Krebs%E2%80%99+View+of+What+Business+Leaders+Should+Know+About+the+Value+of+Hacked+Companies&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2016%2F07%2Fa-few-thoughts-on-krebs-view-of-what-business-leaders-should-know-about-the-value-of-hacked-companies%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2016%2F07%2Fa-few-thoughts-on-krebs-view-of-what-business-leaders-should-know-about-the-value-of-hacked-companies%2F&title=A+Few+Thoughts+on+Krebs%E2%80%99+View+of+What+Business+Leaders+Should+Know+About+the+Value+of+Hacked+Companies&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2016/07/a-few-thoughts-on-krebs-view-of-what-business-leaders-should-know-about-the-value-of-hacked-companies/&ts=markdown)  
\[\](mailto:?subject=A Few Thoughts on Krebs’ View of What Business Leaders Should Know About the Value of Hacked Companies)  
Link copied  
By [Davis Hake](https://www.paloaltonetworks.com/blog/author/davis-hake/?ts=markdown "Posts by Davis Hake")  
Jul 19, 2016  
4 minutes  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Brian Krebs](https://www.paloaltonetworks.com/blog/tag/brian-krebs/?ts=markdown)  
[Krebs on Security](https://www.paloaltonetworks.com/blog/tag/krebs-on-security/?ts=markdown)  
[SecurityRoundtable.org](https://www.paloaltonetworks.com/blog/tag/securityroundtable-org/?ts=markdown)  
[US Cybersecurity Framework](https://www.paloaltonetworks.com/blog/tag/us-cybersecurity-framework/?ts=markdown)

Over the past several years, we have seen cybersecurity increasingly become a boardroom issue. A report sponsored by [Palo Alto Networks, Forbes, Financial Services Roundtable and Georgia Tech](https://www.paloaltonetworks.com/blog/2015/10/all-eyes-on-the-boardroom/?ts=markdown) in 2015 showed that the number of boards paying attention to cybersecurity has risen 33 percent since 2012. But, as Brian Krebs recently noted in his interesting blog post on [The Value of a Hacked Company](http://krebsonsecurity.com/2016/07/the-value-of-a-hacked-company/), senior execs should think a little deeper about the business impact of cyber incidents.

To highlight his point, Krebs turns the classic, "damage to business reputation" argument on its head and has built a helpful diagram showing how an attacker would look at the value of a company's data. Economic motivation can be a powerful incentive for criminal hackers, and the thinking is that senior leaders should know what an attacker is most interested in as this is the same data that they likely value and should focus on protecting. However, one key aspect that Krebs' model can dig deeper into is the externality costs from attackers looking to swim upstream into a company to achieve broader downstream effects. Think targeting one company in order to hit their clients. This style of attack has been a concern for[law firms](http://www.americanbar.org/news/abanews/aba-news-archives/2014/08/law_firms_not_doing.html) worried about protecting their clients' sensitive files; the [government protecting employee records](https://www.opm.gov/cybersecurity/cybersecurity-incidents/); and, for industrial control systems and the internet of things [vendors attached to critical infrastructure](https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_May-Jun2016_S508C.pdf).

As we have seen with [ransomware](https://www.paloaltonetworks.com/solutions/initiatives/ransomware?ts=markdown), criminal attackers are becoming much more efficient with their economic models for making serious cash. With last year's [takedown of CryptoWall v3](http://cyberthreatalliance.org/cryptowall-report.pdf), members of the [Cyber Threat Alliance](http://cyberthreatalliance.org/) discovered over $325 million in damages from this one campaign. Attackers are also highly sensitive to their profit model. A [recent Ponemon survey](https://www.paloaltonetworks.com/blog/2016/02/for-cyberattackers-time-is-the-enemy/?ts=markdown) noted that not only are a majority of attackers financially motivated, but also that a two-day increase in their workload is enough to dissuade them from continuing an attack.

What does all this mean for CEOs and board members? Unfortunately, to Krebs' point, it shows that adversaries likely understand the value of your data and how to access it better than you do. It also shows that business-savvy attackers driven by profit motive will look for opportunities to strike once and reap the benefits from large amounts of data. For a company, this generally means attackers will target data that you are holding on behalf of someone else or systems that are connected to many other targets. From a business risk standpoint, this blows your externality cost models out of the water.

The recent attacks utilizing the SWIFT global payment system are another excellent example. In this case, attackers appeared to be leveraging the trust in the SWIFT network not to take it down or gain sensitive IP but to use it as a conduit for perpetrating fraudulent transactions against other users. This hammers home that, even if you are the first victim of an attack, you may not be the primary victim but could still be potentially responsible. This has been a major concern in the cyber insurance market as well, where the complexity of these types of externality costs make it difficult to write policies that cover the full cost of major cyber incidents.

With all this being said, there is hope! Krebs ends with a pitch for an effort that is near and dear to my heart: the Cybersecurity Framework that was launched in a public-private partnership by the U.S. government and private sector in 2014. The Framework emphasizes that investments made against your specific business risks can have a huge effect on increasing your cybersecurity. From a Palo Alto Networks perspective, we speak about this as focusing on preventing successful attacks by matching your investments to the right personnel training, proper security processes, and next-generation technology, in order to raise the cost for attackers at every step in the attack lifecycle. This strategic level of planning for prevention rests largely in the hands of senior leaders, and oversight of these risk reduction measures is becoming a key board responsibility as well.

Kudos to Krebs for helping to generate discussion and build out more data around bringing cyber to the boardroom. For more information on how to plan for, prevent and respond to cyberattacks, check out some of the great articles from our partners at the [SecurityRoundtable.org](https://www.securityroundtable.org/).

*** ** * ** ***

## Related Blogs

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### AI, Quantum Computing and Other Emerging Risks](https://www.paloaltonetworks.com/blog/2025/10/ai-quantum-computing-emerging-risks/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### The Case for Multidomain Visibility](https://www.paloaltonetworks.com/blog/2025/10/case-for-multidomain-visibility/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Improving National Security Through Secure AI](https://www.paloaltonetworks.com/blog/2025/05/improving-national-security-through-secure-ai/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Making Every Dollar Count for Federal Cybersecurity](https://www.paloaltonetworks.com/blog/2025/03/making-every-dollar-count-federal-cybersecurity/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Threat Research](https://www.paloaltonetworks.com/blog/category/threat-research/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### Top Three Ways Organizations Were Unprepared for Cyberattacks in 2023](https://www.paloaltonetworks.com/blog/2024/11/top-three-ways-organizations-were-unprepared-for-cyberattacks-in-2023/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### GenAI in Cybersecurity --- Threats and Defenses](https://www.paloaltonetworks.com/blog/2024/10/genai-in-cybersecurity-threats-and-defenses/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language