We all know how companies don’t want to be named after a breach. Here’s a random question: how much is that worth to a CEO? What would a given organization be willing to pay to keep its name out of the press? (A-priori, with at best a prediction of how the press will react.) Please don’t say a lot, please help me quantify it.
Another way to ask this question: What should a business be willing to pay to not report a security breach?
(Bonus question: how is it changing over time?)