I recently coauthored an article for the ISACA Journal with a coworker about imputing the cost of a data breach from record count. We also recorded a podcast based on the article. You can read the article here and listen or watch the podcast.
I also authored a piece for the @ISACA newsletter on the role of mistakes in cybersecurity. Fortunately, there is a great adage that sums it up ;-)