Ah. Thanks for clarifying. I picked this phrase up from Andrew’s interpretation.

If your threshold is total spending on the asset vs. total security costs, then that is a much lower hurtle, depending on your granularity.

Now that you have clarified it, I don’t agree with the premise that every digital asset *must* be at least what you spend on it. Maybe it’s so, or maybe not. It’s like the saying about advertising spending: “Half of my advertising budget is wasted, but I don’t know which half.”

If you believe Nicholas Carr and Paul Strassman, most digital assets are *not* worth what they cost, but a few are worth far more than their cost, and essentially pay for the rest.

After a few conversations, and having seen (part of) Russell Cameron Thomas’ post on the topic, I am beginning to realize that people are making a common mistake about Lindstrom’s Razor, which states:
The digital assets in question must be …

That [i.e. what you are willing to pay to keep it secure] part you added is incorrect. I intentionally meant the value of the assets themselves. So if you spend $24 million to deploy SAP in your environment, then that SAP deployment is worth at least $24 million to the enterprise.

Also, please note that the relationship between digital asset value and loss potential is still indeterminate in my mind.

thanks,

Pete