This paper was written to understand understand how organizations qualify and quantify the financial risk to their tangible and intangible assets in the event of a network privacy or security incident.