By using this site, you agree to our Privacy Policy and our Terms of Use. Close
scottie on 01 May 2011
Edit Thread

Hi all, as a fun (well more so than what I am procrastinating from) thing to do, I thought we could try to work out how much the recent attacks cost Sony. Some analysts recently said that if it cost Sony what the average data breach cost a company/person's data stolen, the total would be $24 billion. I think that is skewed by the fact that data breeches can be much mroe serious than this one.

 

If you disagree with any of my reasoning, feel free to constructively criticise.

 

Assumptions

1) The attacks have been dealt with, and the loophole fixed.

2) No court cases are likely, or at least they will be dealt with cheaply.

 

Both of the above are not only very likely, but also required before we can predict - they're too much of a variable cost.

 

The cost is broken down into

 

- Cost to fix the problem

- Cost of the consumer goodwill program

- Cost of loss of revenue from loss of goodwill

 

The cost to fix it would have been significant - they  used internal personel and hired consultants. Let's say they had a team of 100 working 9-5 every day (including weekends) for the approximately 10 days that the service was down for, then multiply this number by 1.1 to take into account that there will still be increased work as the servers come back up, just for the internal team. That is 100*8*10*1.1 = 8800 manhours. If they're paying their staff/consultants $80 an hour, on average, that'd be 0.7 million. That actually seems like I must have been lowballing it, maybe there'd have been more than 100 people working on it? How much do IT consultants get paid anyway?

 

"engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services."

"the organization has worked around the clock to bring these services back online"

 

Addressing the consumer goodwill, they lose

$4 Per Playstation Plus Customer due to giving them a free month. Let's guess 5 million PSplus users? = $20 million

Some extra bandwidth due to those who weren't PSplus users using extra bandwidth on PSplus services = $0.1 * 32 million = 3.2 million.

" selected PlayStation entertainment content for free download" means either they have to pay to develop some new content, miss out on revenue from existing or make a deal with a 3rd party. Lets say $0.5 million worth of additional costs plus lost revenue.

 

As for cost of revenue loss from loss of consumer goodwill, that's a difficult one to answer. I would say it would be as much as $10 million, spread over many many years and many different sections of Sony. What do you guys reckon? Higher? Lower? 

 

That all adds up to 34.4 million. Considering I've probably missed some things, they no doubt did have some lawyers preparing a defence, and they have to do all the admin to deal with it, CEOs going to interviews means they aren't working etc. Lets round it up to 40 million then.

 

So a far cry from the sensationalist claims of $24 billion on average. A far cry from those who claimed it could end up as bad as RROD ($1 billion). However, it would be fairly significant ~ 2.5% of the total profit Sony has made on the PS family would be eaten up by this attack.