Last week, two-person teams of St. Joseph’s (of Philadelphia) undergrads embarked on a quest for the Analytics Cup. It’s 80 inches tall, a gleaming plastic, and is bestowed by professor Ronald Klimberg on the team that does the best work in using data analytics to solve a business problem.
Some of them will analyze historical data on consumption at a local brewery. Others will look at a soccer team’s season ticket holders’ behavior. What gets alumni to give to St. Joe’s? That's on tap, too.
And yet another two teams will examine the impact of data breaches on organizations and attempt to create a tool that will allow companies to predict the financial hit of a data breach on their own organization.
This last bit is thanks to Bob Siegel, head of the consulting firm Privacy Ref, who cooked up the project with his cousin, Klimberg, over beers at a family wedding. “We had talked several times,” Klimberg said, “and I sort of took it to the next level and said, ‘Hey, this would be a lot of fun.’”
And, hopefully, useful, too.
Businesses are looking for a tool where they can plug in their own data holdings, their own business models, and more accurately predict their own risk.
Of course, the industry has great work like the Ponemon-IBM study examining the cost of a breach. This year, the average breach caused $4 million in damage, or roughly $158 per lost record. “But they’re looking in the rearview mirror,” said Siegel. “What happened in the last year and what have the costs been? While they’re good general estimates, every organization has their own costs that are unique. It varies by industry; it varies by country. So, for a large enterprise, what are their unique costs?”
Businesses are looking for a tool where they can plug in their own data holdings, their own business models, and more accurately predict their own risk.
Can undergrads handle that sort of thing?
“They’ll be challenged,” Klimberg allowed. “It’s not an end of the chapter problem; they’ll have to really work with Bob and ask him for the right data and see what the issue is and then develop the model.”
Hopefully, not just Siegel. The undergrads will be looking for privacy professionals who might be able to share some real-world data that they can plug in to run simulations and see how accurately they can predict events that have already happened. Siegel says interested parties can reach out to him here on the show floor of Privacy. Security. Risk. this week in San Jose, or follow up after the event.
Even with real-world data, it’s hard to know what the winning team will come up with.
“I’ve done this for numerous years,” said Klimberg, “and this is not the first time for the cup. In general, I would say some of the students are extremely brilliant. They try things and you go, ‘Oh my god, that’s brilliant.’ On the other hand, they do things that are totally stupid.”
Even if the result is a disaster, the pursuit is worthwhile, Siegel said. “I don’t expect it to happen, but if it is a failure, I think that’s important to disclose as well,” he said. “What did we find, what did we do wrong, and what will we do next time? That way every company doesn’t go down the wrong path and waste their time.”
Plus, the kids have an ace up their sleeve: “I think I know how I might do it already,” Klimberg admitted, “and I’ll guide them to it. But we’ll see where they go.”
Siegel will be part of a judging panel to determine the winner of the Analytics Cup at the end of the semester in December. Look for the winning breach-cost prediction tool to be presented on the Little Big Stage in the exhibit hall at the annual IAPP Global Privacy Summit in April.