Let's say you're a company with 10k employees, all of whom use a central server to do their jobs.
A cracker comes in, and steals all your passwords. You have no idea if that list was sold or whatever, so you have to lock down the system, and reissue passwords.
Start the clock.
Someone has to compose a company-wide notice of the problem, and distribute it. Someone has to change all the passwords. Someone has to contact all the employees and give them their new passwords. And someone has to answer the Helpdesk calls when employees, irate that they've been locked out (and who missed the notification message) call the Helpdesk to bitch.
All the while, the employees are locked out of the system, and can't work.
If the average time each employee is locked out or working to re-issue passwords is an hour, and the average salary is $20/hour, then it cost you $200k to re-issue those passwords to 10k employees. It doesn't take a long outage on critical systems to add up to big monetary values for the lossage.
The passwords themselves don't have any monetary value, but the time spent in reissuing them most certainly does.
Slashdot Mirror
It's simple, really.
Let's say you're a company with 10k employees, all of whom use a central server to do their jobs.
A cracker comes in, and steals all your passwords. You have no idea if that list was sold or whatever, so you have to lock down the system, and reissue passwords.
Start the clock.
Someone has to compose a company-wide notice of the problem, and distribute it. Someone has to change all the passwords. Someone has to contact all the employees and give them their new passwords. And someone has to answer the Helpdesk calls when employees, irate that they've been locked out (and who missed the notification message) call the Helpdesk to bitch.
All the while, the employees are locked out of the system, and can't work.
If the average time each employee is locked out or working to re-issue passwords is an hour, and the average salary is $20/hour, then it cost you $200k to re-issue those passwords to 10k employees. It doesn't take a long outage on critical systems to add up to big monetary values for the lossage.
The passwords themselves don't have any monetary value, but the time spent in reissuing them most certainly does.