Slashdot Mirror
What's The Actual Cost of A Virus?
ThosLives writes "CNN Money just posted a story that says the MyDoom virus may cost businesses $250M. My favorite quote is that for small to medium businesses with 400 or less employees, the estimate is between $48,000 and $58,000 cost to 'secure themselves' from the particular virus. Does anyone know where that number comes from? If one can charge a year's salary to fix one virus, I'm in the wrong job! Any input out there on the real, hard costs of things such as virus protection?"
How much lost productivity from your staff?
Dealing with all the bounced messages and help desk queries take time away from productive work.
This is one of those hand-waving statistics that is useful for showing the business leaders, but it's practically useless in day to day network protection.
These numbers used to be in the billions of dollars, but now they are more reasonable in the millions. If anything, it shows a trend in the perception of the value of data in a downwards direction. Everyone thinks data is some really important thing which should have a high value, but as more and more data is brought into the open (including, but not limited to, source code) the value of data drops.
I have been pwned because my
The truth of the matter is that it doesn't cost this much. People claimed that rtm's worm in 1988 cost $10 million due to losses in the stock market. But stocks come back up to what they were once people aren't scared anymore. Noone lost money (except rtm who lost $10k).
As has been said 100 times before, there are 3 types of lies: lies, damned lies, and statistics. This is just another case of statistics being used to lie.
Virus making is actually a good way to make profits. Hire one guy to write the virus, a few hundred thousand dollars spent on writing an antivirus program, and then sell millions of copies of said program at $50 apiece to people whose PCs were infected when they opened a program called Happy99.exe from Grandma.
The World is Yours.
The biggest cost of these sort of virus is time.
Time waiting for your 'net link to do what you've paid for it to do while your email server chokes on hundreds of incoming virus emails.
Time wasted by tech staff explaining to every user at least once to not click that file (or if the organisation has virus scanning) to ignore the ten dozen "virus has been nuked" warning emails.
Time wasted by staff who have to spend time ignoring this junk, replying to warnings about the thing from their naieve friends and family emailing then CNN URLs and saying, "is this for real?"
Time wasted making sure the company virus protection is up to date on laptop machines that get infected at home on 'raw' Internet connections then get plugged into the pristine corporate network in the morning. Time wasted fixing machine that weren't caught in time.
This sort of cost really adds up...
But also, I feel user education can help a lot. Companies need to start implementing some sort of formal e-mail and internet usage training when people join the company and a refresher every so often.
There's no place like localhost
Do your math: you say between $48K and $58K per small biz, so let's take a lowly $50K average. The sum is supposed to be $250M, which is only 5000 times those $50K.
are there only 5000 small businesses out there?
i think not.
So those $48K to $58K must certainly be understood as a "worst case" figure applying only to a fraction of businesses out there
The cost isn't just the guy who "downloads the anti-virus-defs". The cost comes from machines not being usable for some time before the worm is under control, from people who have to sort through hundreds of junk bounces, from preemptively switching passwords on all infected and related systems. The sad thing is that it's hardly possible to prevent these costs. That would raise the value of the IT department close to the avoided costs. But how do you defend against users who activate worms while actively working around restrictions to see the attachment?
If a company has to spend 58,000 dollars to protect themselves from a virus.
That's 58,000 dollars they should of spent a LONG time ago.
In computers, like everywhere else in life, a ounce of prevention is worth a pound of cure.
Someplaces it's costs 100's of thousands of dollars to recover from a virus.
However other places it doesn't cost anything.
Because they went thru the steps to protect themselves BEFORE it became a emergancy. It's the difference between spending money and hiring good admins vs being cheap and going out of business later because while your busy patching and crapping on yourselves because you've got owned while your competition is busy making money and taking over your markets.
Any moron who works at a company and opens said attachment should be fired anyway.
...all reverse vacuumed into the shitpipe because you made one mistake. There's no excuse for being human in an inhuman workplace. Take your parting gifts, pack up your shit and get the fuck out. Time to watch your career get destroyed.
So remember folks: all those years of school, training, reading, getting up at 5:30AM, working your ass off, overtime, weekends, holidays, sitting in meetings, telling your asshole boss how smart he is...
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
it seems like it would actually be LESS expensive for businesses to run Mac or Linux boxes than Windows. Or at least use a mix of OSes so not everything is vulnerable.
Perhaps that would be sound corporate IT strategy?
is that for the download of a free email client, Mozilla, none of these fake losses would be incurred.
The articles about losses from email worms consistenlty fail to adress the problem of crap email clients (or more correctly, THE crap email client) that causes this problem. They also give the same two pieces of advice, "use anti-virus software and dont open attachments", conspicuosly leaving out the most important advice: change your email client.
Is it because they are embarrassed that they use this same client, and havent got the brains to switch to Mozilla? How can they give advice to people to change email clients when they cant do it themselvs?
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
The cost is not actually an actual loss as in they have to pay for it. It is more of an opportunity cost.
What they mean is instead of using the time to fix up and repair the damages of the virus, that time could have been used generating profit for the business.
Since they are not being productive during the time the virus is being sorted out they are losing money because of it. Hence the cost of fixing viruses.
1. The market is already flooded with anti-virus applications, many of which are free.
2. No business would invest into an application made by a freshman software company. They would choose experience and mindshare over empty, unsubstantiated promises.
3. It doesn't take few hundred thousand to write a decent AV application. You can create one on a shoestring budget and package it under $10,000 or less.
4. You're assuming none of the AV products would be able to provide a "fix" for said virus, which would create a market for this fresh application. In the AV world, there is no such thing as "exclusive fix" to a widespread problem.
You're forgetting about the cost of re-educating the administrative staff like secretaries.
And don't tell me you don't have to. Your typical secretary gets confused when you install a new version of Office or the toolbar is different from the setup he's used to. How do you think he'll react to a completely different environment like Open Office?
Actually, that's more like the cost to NOT get viruses. Their talking about how much it costs if you don't do that stuff, and have to clean up afterwards (and pay someone else to tell you how).
Forget thrust, drag, lift and weight. Airplanes fly because of money.
A couple of hours ? It takes just 20 minutes to run Spybot SD en Adaware. :t m
Realtime protection is also available
http://www.veloci.dk/index.asp?visnu=ppdownl.h
The big costs are a sum of the following: - wasted work time due to reading panic articles - wasted work time because the IT department immediately shuts down all email communication; - wasted time because "my wife just lost all her files... must be a virus"; and finally - lost time trying to calculate jurnalist estimates = total waste of brainpower And... if you sum all that, the above-mentionned costs start looking like peanuts
http://www.automatiq.se
I know this may come as a shock, but there are plenty of careers where computers are a tool, not an end in and of themselves.
I work in IT for a large retailer in the US. Most of our non-IT people are paid well because they sell lots of merchandise to customers and keep them coming back. People who are good at that tend *not* to have the time to learn how to use something like Linux.
I used to have a similar sort of superior attitude about the vast majority of people out there who don't understand computer issues in any sort of detail. Then I started noticing how irritating it was when people who were specialized in other fields - e.g. medicine, car mechanics - did the same thing to me.
I can understand giving someone a bit of trouble if they're clueless *and* work in a tech-related field, but not if they just use computers as a tool for getting something else done.
Do you honestly know how to disassemble and repair your car and home appliances, or perform surgery? My body gets more use than my home or work PCs by default, but I can't perform more than basic repairs on it. Does that make me a moron? No, it just means that I do something else for a living.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
You don't pay tax over loss in earnings. That should make many managers and accountants *VERY* happy. Now how come you *NEVER* find even a rough estimate of the cost of virusses and worm attacks on the financial balance presentations of *ANY* corporations.
I mean, $48000-58000 for each attack is a lot on the balance of a healthy 400 employee company ($3,000,000 revenue, $100,000 EBITA).
--
I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour -- F. H. Wales (1936)
Where oh where do they get these figures? At my company we have two lines of defense...One is TrendMicro for Exchange and the other is NAV Corporate Edition. Anything that doesn't get stopped at the SMTP server will get picked up by Norton. I figure the two of them combined cost somewhere around $1000-$1500 to cover all of our workstations. Besides that, the only cost the virus is incurring is my time looking over the logs, which basically have been saying the same thing over and over for the last three days. This is a far cry from the $48,000 - $58,000 they say it takes to secure yourself from one teeny little worm virus.
If the virus got in, the cost of fixing it would be based on the method of removal, how many computers got infected, and what the downtime costs our business. These are three variables that certainly can't be guessed. Something tells me they just pick out numbers that are big enough to impress the media and small enough to avoid losing whatever credibility they have left.
-R
In fact, I just had a vivid image of a doctor visiting a bunch of children in Iraq who'd lost limbs from playing with those cluster bombs that look like food packets and saying "You did what? Don't you retards know not to open unfamiliar packages?"
See how petty and insulting it sounds when it's in relation to another line of work? That's how the "dumb user" attitude makes tech workers look to people in other fields.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
One thing I've noticed frequently mention is costs including time various technical personages spend cleaning up or taking preventative measures being billed on these boards as "time not spend doing their job." Correct me if I'm mistaken, but isn't virus protection implicit in providing a secure network atmosphere? 'course, if it were me, I'd just ban attachments period. If it's important enough that you need it, set up an FTP account or something. How many ways have we developed to transfer files nowadays?
The real reason for the inflated damage estimates is that it sounds impressive in the media, which generates FUD, which generates more viewers, which sells advertising space.
If a virus came out and the news reported it as causing "a few thousand dollars of damage across north america", would anyone give a damn? So the news directors and reporters try and figure out a more "interesting" damage estimate that they can broadcast. So, pump up those numbers! The virus caused $250 MILLION OF DAMAGES, suddenly sounds impressive and formidable.
It has about as much bearing as when the RIAA sues people for tens or hundreds of millions of dollars because "the song they had shared 'could' have been sent to everyone on the planet, thus depriving the record company of any profits whatsoever".
The reality is that in the office I work for, one person clicked on the attachment and got their machine infected. He continued working as normal and called the IT guys who came around and fixed it.
Total lost productivity time? A 30 second phone call. Total lost revenue? $0.
Compared to people just plain ol' "slacking on the job", viruses do a negligable amount of damage.
Funny how you never hear about the '$50 billion in lost revenue' from employees taking three 15-minute "smoke breaks" every day.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
I work for a small computer service company in the .25-.75 hours per machine to disinfect .25 hour to load new AV software per machine, download updates for program and signatures, etc...
Detroit area. We get typically $149/hour for operating systems/software support. Given the case of a small company with 20 workstations and a server for their employees to use that has nothing in place for virus protection, and that most, if not all machines have become infected, figure this:
Figures to 21 hours max at $149/hour... $3129 in labor. Norton AV Corporate edition with 25 seat licensing (don't forget, that server is included as a seat, and you can only buy in 5, 10 and 25 seat increments) costs $869.00 per Symantec's website. With the 30% markup my employer would add and state sales tax added, that comes to software costs of $4326.48.
Figure in any additional labor to reinstall any software or operating system components that were damaged by the infection and you've got one whopper of a bill for a small business to drop because a multibillion-dollar corporation cannot spend the proper amount of money and time to thoroughly investigate and secure their operating system products. Then figure in the cost of annual subscription fees to download updates to the virus updates (I don't recall the actual figures for annual subscription fees, but my sister's company has three pc's in a peer-to-peer environment and each machine costs $20 annually for that subscription). Pretty hefty.
I know what you're trying to say, but seriously, however tired I am - however stressed I am - even if I'm so out of it that I try to make myself a coffee and forget to boil the water first - I have NEVER for a moment failed to recognise a virus email the moment I saw it.
Oh, sure, companies should provide one one-day training course on virus recognition, to protect the truly ignorant.
But after that, anyone who still falls for them should be fired, because they shouldn't be in a job which involves reading emails. You wouldn't give an alcoholic a job driving ambulances, would you?
You have highlighted exactly why Windows is used in the majority of offices - it's easy, familiar, agnostic with regards to security, and cheaper than employing people that could cope with KDE or Gnome.
naturally weeds out complete retards
probably explains why it will never be the desktop of choice - Apple learnt long ago to cater to total retards, and has the media business sewn up as a result.
oh brave new world, that has such people in it!
1* I pay a couple of K per year for subscriptions to Symantec and Norman (I like using 2 and filtering emails through both).
2* I use ZEN Works to distribute critical patches to all workstations with a minutes or 2 effort.
3* We routinly sead an 'all staff' email telling them to trash any filtering system notifications that they don't actually understand (ie weird sender, subject etc)
4* PROFIT!
Honestly, anyone being affected is doing it wrong.
Only big ligs use sigs.
That's all the poster asked for - he doesn't ask for people to be able to fix a bug in one of their init scripts. He doesn't even ask for the minimum of skills I would expect for a specifically technical job. He just asks that people not step on the accelerator when an interesting brick wall appears in front of them.
Obviously, the consequences of being clueless with your computer are nowhere near the consequences of being similarly clueless with your car. However, the idea that you can be held responsible for paying attention to those actions you do perform is not unthinkable. Simply being aware of what you're doing should not be too much to ask.
Now, imagine you have tens of thousands of employees and you're not using a service like ours. You're going it alone. Your admins. Your equipment. Your anti-virus software which you hope gets the new signatures before the worm gets to you. Your admins and helpdesk staff are working their butts off for at least a week, probably more (not that they weren't already busy). You might have hundreds or even thousands of infected machines to deal with. Countless bounces. Suddenly, you find yourself looking at a cost reaching into the hundreds of thousands of dollars. Not a pretty sight.
Nice advert for your services, you forgot the URL ;)
I work in a 100% NT4 desktop corp environment (our admins, our equipment) and we have around 40,000 users on various domains. We use Exchange and Outlook. Wanna know how many of these "deadly" worms we've had infect our systems in the last 3 years I've been working there? None
There's nothing inherently deadly about MS stuff in a corp environment as long as your admins and engineers are worth the money they're paid. Frankly I welcome hearing how much cash companies are supposedly losing with this - let it be a kick up the backside. :)
The cost of anti-virus and related is the least part of the equation, even factoring in the admin's time, and I don't care *how* cheaply you work. Not even if you're a volunteer./
wait a damned minute. Are you an employee there? would you get paid even if this outlook worm did not exist? oh you forgot that did you.
and you forgor that typically IT workers are hired as EXEMPT status and therefore can be worked after hours for FREE.
I know that you are good at enron style of accounting from your post, but you are getting rediculious to the other end.
first you already had in place systems to deal with this problem, if you did not then your entire IT staff needs to be fired starting with the CIO. if it was configured properly the definition files were in place days ago automatically on the servers and desktops as well as that damned exchange server. total admin time and cost $0.00 as the admin checking this was getting paid already so you cant ADD cost to his salary unless you pay him more for this task.
work lost estimate... are you that inane? you are telling me that if a person's computer stop's working they are 100% unproductive? then the IT department costs a company 1.2 billion dollars each year by your estimates.. and the printer being out of paper costs $20,000 yearly! you are being redicilous with your figures.
data-loss or destruction... if you are not backing things up then your fault for data loss. besides, there is more data loss in a company from a manager editing a spreadsheet from within a email and forgetting to "save as" than EVERY destructive virus or worm made.. so your management now is second in line as the highest cost to your company.
your operating costs do NOT increase because of the worm, you have no greater expenses because of the worm, and work lost is only slightly larger than a typical day.
I shot a PHB like you down 2 weeks ago in a managers meeting... Until you can give me hard paperwork that documents ADDED EXPENSES and LOST REVINUE you are talking out your arse.
the added cost of "viruses" is very low. and today it's an expected part of IT.
Do not look at laser with remaining good eye.
Meh. Not really. A colleague of mine unleashed MyDoom on our (very large) company. All of his work up until then suggests that he's a very competent and capable Solaris admin.
He doesn't give out his work address, he's never received a piece of spam or a virus to that address, and he gets 1500+ legitimate emails daily that he has to read. I imagine it showed up somewhere in the middle of the pile and his brain was just elsewhere for the split second it takes to open the attachment.
Did we all mock him for the remainder of the day? Sure. Is he fired? Naw, if it wasn't him someone else probably would have done it. In fact, someone else might have started it, since internal contacts are the only people who should have his address anyway. Frankly, we're too busy with our jobs to go looking for a witch to burn.
Bad things happen to good people sometimes. He's not a moron, he just made a clumsy error. It happens to the best of us once in a while.
Actually, the guys you call 'morons' are just average people with respect to your chosen field of endeavor.
They're not geeks and calling them morons on the basis of their not understanding computers is like calling someone a moron for not being a great chef, a gifted pianist, a brilliant chess-player, or an insightful auto-mechanic.
Ceteris paribus, knowing nothing else about the poor schmuck panicking with his hot little hand on the mouse button, the word makes no sense. In fact, it may very well say more about the person who needs to reach for it than it does about the one to whom it's applied.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
Can't fire the people that open attachments, they are usually members of the board or senior staff. I can't remember one 'non exec' who opened a virus in the last 12 months, over 50% of the directors did.
... There is NO WAY a single virus costs the company 40K+ to fix.
The punishment is now a round of drinks for the company
Once a day is not enough! (I wish!)
When the orginal MyDoom.A came out, we were catching them with ClamAV 5 hours before McAfee's patters came out. A similar thing with MyDoom.B.
Update your patterns hourly, as a minimum.
Even that's not enough with a mass vectored attack in which thousands of compromised PCs used to distribute a new virus at the same time.
Antivirus vendors are going to have to rethink.
We need rapid responses to newly detected viruses.
Waiting hours for updated detection patterns isn't good enough, or soon won't be.
Seems IE will execute things with non executable extentions, if the latest bug report on IE is telling the truth. If so, you have no promises, no guarantees that Outlook or Outlook Express won't have a similar weakness. Either you need to certify the program 100% for all "safe" attachment types, block all attachments, or insist on alternate programs for e-mail or for the operating system itself.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Being human is accidentally spilling coffee over your keyboard.
'Accidentely' setting of a virus when explicitly told not to is like setting the office on fire by smoking besides inflammable goods when smoking is banned and there are a dozen signs saying 'Danger, inflammable' and 'No Smoking'.
If doubt if you can get away with the excuse 'sorry, it wasn't my intention to set the office on fire, just a little mistake', so why should you get away with 'sorry, it wasn't my intention to unleash a virus that destroyed costs as a few thousand bucks worth of data, lost productivity and pissed off customers'?
How much damage should people be allowed to do before getting fired?
If this really is economic math, then economic math is bullshit that's designed to inflate numbers as much as possible with no actual reasoning behind it.
If you pay someone $20 every day with and expectation of getting $40 back every day, then on normal days you net +$20.
If someone hinders your guy from doing his job, then you net -$20.
The amount that you lost, by any reasonable definition of the term is 20 - -20 = $40, or the opportunity cost of the guy not doing his job.
It seems that what you, and previous posters, have been computing is some sort of gross losses, rather than net losses that are *due* to some cause. In other words, you're adding together opportunity cost losses + standard running costs, when the standard running costs are *not* due to the virus/mugger/whatnot.
I think the problem here is that "productive value" is too abstract for some people to work with preciecely. Let me try to modify the problem a bit to make it more clear what's going on:
Let's say that every day you buy an "employment unit" for $120, and at the end of the day you can cash that employment unit in for $150. This is economically equivalent to hiring someone and gaining productivity out of them, but it's in more concrete terms.
If I buy the $120 unit, and can sell it for $150, and someone steals it from me, how much money did I lose? I lost $150, as that was how much this unit was worth to me, regardless of how much i paid for it.
I did *not* lose $270. You're double counting the real cost when you come up with that figure.
Some more extremes to make this more clear: Let's say I bought something for $120 and could sell it for exactly $120. How much do I lose if someone steals it? $240? I think not. The thing was equivalent in value to the cash I expended for it. It might as well have been more cash, in fact. I lost $120 when it was stolen from me.
Another example: Say I give a dollar to someone to purchase 4 quarters. Then someone steals those 4 quarters from me. Did I lose $2 or $1? If you say $2, then you're out of your freaking mind. I lost a DOLLAR.
One more, as food for thought: Say I buy something for $120, and it turns out it's worth nothing. Nada. Zip. I can only give it away. I get absolutely no value or worth out of it by keeping it. People won't even pay a penny for it.
Then it gets stolen.
How much did I lose by the fact that it got stolen?
My answer: NONE. I may have lost $120 by making the dumb investment in the first place, but the fact that it got stolen changed *nothing* about my current wealth or wealth opportunities, and therefore cost me *nothing*.
----
Summary: "opportunity cost" is a really tricky subject that people throw around to inflate numbers, but it doesn't end up being logically consistent if you're not very careful about it.
The amount lost to a virus should be $cost of opportunities lost due to virus + $cost of *extra* expenditures required to fight virus (overtime, products required, outsourcing help, etc.). Your *normal* operating costs should *not* appear in this equation -- you're already counting for productivity lost in the "opportunities lost" part.
The following sentence is true. The preceding sentence was false.
That's why, in spite of the fact that "any moron can step over a loose cable" it is still necessary to keep cables away from foot traffic or at least tape them down. It's also why it's bad to login as root all the time (for OSes that permit any other option anyway).
"...all reverse vacuumed into the shitpipe because you made one mistake. There's no excuse for being human in an inhuman workplace. Take your parting gifts, pack up your shit and get the fuck out. Time to watch your career get destroyed."
YES. That is exactly right. I have fixed too many computers over and over and over because the same IDIOT (moron) continues to open attachments every f***king time a new worm or virus makes its way around the internet. If you either can't read the warnings we have to waste our time posting or choose not to then you get what you deserve. You can put your own ass on the bottom of the service call list again or we can can your sorry ass and hire someone who can pay attention.
if electricity is created by electrons, is morality created by morons?
is like setting the office on fire by smoking besides inflammable goods when smoking is banned and there are a dozen signs saying 'Danger, inflammable' and 'No Smoking'.
That analogy only holds up if smoking is a normal part of your job description. I doubt it is. I have never seen a workplace with signs reading "No reading email". If there were such a workplace and someone read an email and unleashed a virus, that would be a different matter.
He was lucky in this case only one person was affected. When Mellisa came out I was working at one the big three television networks in NY. (I know not a small or mid sized company.) The sysadmins put up signs saying don't turn on your computer. So for a week I learned to play contract bridge with 3 other members of my team.
In 2001 when NIMDA came out I was working at a small dot bomb there were a lot less people and being a tech dept we were allowed to clean up our own machines. But I spent a few days teaching my team how to play bridge. Waiting for the sysadmins to verifiy a fix procedure.
To get to a point. I have no idea where to begin with what a week long work stopage cost a major television network. But at the dot bomb there were about 200 people nation wide that were doing nothing for most of a week. Add up a weeks salery{sp} for all 200 of those people and $60,000.00 does not seem out of hand. Infact it seems low.
JACEM
DOC Disinformation Obfuscation and Confusion
The carrot to FUD's stick
Many big companies take *just* that approach. For example here (a medium sized $WE_MOVE_PACKAGES company), there is mandatory security training before you get a user id.
Generally, this isn't the case at small companies. I've done many virus cleanups at 5-man companies where the guy installing the software is the boss or the boss's son, and knows just enough to be dangerous. The rest of the employees maybe use the computers 10 minutes a day to look at their order sheet that someone's emailed in. They don't do this sort of training because they never knew they had a need.
This sort of thing isn't going to go away. What we need is *more secure defaults* for consumer-grade software like Windows. Even then it will take years to go away - after MS releases XP SP2, what proportion of computers will still be Win95 through to WinXP service pack 1? Tens of millions for many years to come.
Oolite: Elite-like game. For Mac, Linux and Windows
Couldn't agree more (quoting your entire email as you posted as AC/0). If, as you generally have to when designing systems, you assume end-users are computer illiterate, you're left with the conclusion that it's crap admins to blame for these virus outbreaks. No amount of bleating about how Microsoft software is awful is going to change the fact that companies who hire non-morons to design, build and support their IT infrastructure generally do NOT have problems at all.
the cost estimate for those are not the cost of having someone come for a couple hours, and clean all the computer (some $200).
it involves also the fact that while that person is fixing the computers, 20 or 30 people are going to be sitting idle, not doing their job (25$ per hour, 2 hours, 50 people) and the extra time that they will have to work (overtime?) to get back on schedule (again, 25x1.5 for the overtime, by 2 hours, by 50 people).
when you consider that, the price goes up very quickly, if you have 200 employees that can't work because the bandwidth in the office is all chewed up, and the mail server is not handling the mail, and the emails are showing late, missing critical deadlines... and that's how PHBs look at it too...
my $.2