[Dshield] Possible solution for ISP (was DShield's public goals)

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Sun Jan 15 23:01:07 GMT 2006


On Sun, 15 Jan 2006 15:03:13 EST, Tom said:
> I was responding to the assertion that ISP's can't afford to worry 
> about security in North America because they were to poor to afford 
> it. An assertion that I think is hogwash.

OK.. Let's crunch the numbers.

Your level 1 support desk is still in the US, and you pay the people
minimum wage.  Bam!  That's $6/hour.  Now add in the cost of the seat the
refugee from McDonald's is sitting in, and you're probably looking at $10/hour.

You're charging $9.95/mo for dialup. That's $120/year.  Now let's assume that
your profit margin is an obscene 10%.  That's $12/year profit.

If that guy calls the help desk *once* that year and the problem takes an hour
to resolve, you've just wiped out almost all your profit for that account for
the year.

If your profit margin is only 5%, and that seat costs $12/hour, your profit
evaporates in 30 minutes.

Now you know why Indian help desks are so popular. :)

(Oh - and an existence proof that the profit margin can't be a lot more than
10% - if it were, some other company would be offering bare-bones no-support
dialup for $8/mo and still making money at it...)

An important thing to remember here is that many of these low-price connectivity
solutions wouldn't be financially feasible if there wasn't a lot of cost-shifting
going on.  Remember that the ISP doesn't bear the costs of their customer's
security problems - the sites they connect to bear the cost.

If you want to know how much security *actually* costs an ISP - consider that
both AOL and NetZero are bragging up their free A/V for customers.  They wouldn't
be doing it unless the cost of the volume-purchasing agreement plus the cost
of the TV ad campaign wasn't *less* than their costs of the phone ringing at
the help desk when a customer gets whacked with a virus.

(For those who care, our most recent estimate of the cost of dealing with
one of our users infected with a virus was $30 per call - and that was *not*
including lost time/productivity on the victim's part.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060115/0376e7de/attachment.bin


More information about the list mailing list