blog-header-image
| 2 min read
| May 10, 2022
| by Greg Notch
| Tags:

How to quantify security ROI… for real


When it comes to security, pressure from the board comes from all sides. They are increasingly concerned that cybersecurity is in proper focus.

“Are we secure now?”
“Will we be later?”
“Are we making the right investments to address our cybersecurity risk?”
And the big one: “what’s all this costing now and in the future?”

The fact is, you need to spend money to help secure your org. But spending creates additional questions. One of the biggest: how can you be at least “reasonably sure” the investment will pay off and isn’t a complete waste of time, effort, and money?

The “usual way” of calculating cybersecurity return on investment (ROI)? You take the average cost of an incident and multiply that by how many incidents you are likely to have in a given timeframe. So if you’ve got rough costs for a new technology, you can assess whether the price of it and the reduction in incidents it brings is worth the investment.

To us, this sounds like a “not enough data” guess. Why? There are many more factors that come into play — starting with how to measure how much a technology actually reduces the organization’s risk — which makes calculating cybersecurity ROI like nailing Jello to a tree.

Some things to think about:

  • What tech do you already have that needs to communicate with the new one? How big of a lift is it to make that happen?
  • Are you shelving a legacy product or disentangling yourself from a current tech relationship and starting a new one? What’s the lift there?
  • Your equation also must include issues at stake beyond “just money,” including the potential loss of intellectual property, loss of reputation, and the disruptions to your business.

You know that breaches are expensive. It’s time to “guess” better. Think about calculating cybersecurity ROI as the start of a conversation about whether investing upfront to help prevent a big disruption outweighs the small probability of a significant breach and its ensuing costs. Arming yourself with as much data as possible (technology research) is the best way to start.

Expel has a few resources, including the recently commissioned Forrester Total Economic Impact™ (TEI) of Expel. This study was conducted by Forrester Consulting, a third-party research group, on behalf of Expel to help potential buyers calculate Expel’s financial impact on their orgs.

Through an extensive customer interview process, Forrester found that Expel customers could get a 610% return on investment (ROI) — helping them lower costs significantly and providing qualitative benefits like greater efficiency and better quality of life.

Wait … our customers’ cost savings are excellent and we provide other meaningful benefits — like giving them peace of mind? To say we’re ecstatic to see a measurable impact on our customers’ lives is an understatement.

But what about ROI specifically for your org?

Fair question. We’ve got just the tool.

We’re excited to introduce our interactive ROI calculator, which gives you an estimate on your ROI if you were to choose Expel as your managed security provider. Bonus, you don’t have to talk to a human first. (Although the humans here at Expel are always happy to chat.)


Subscribe

Evaluating MDR providers? Ask these questions about their onboarding process

Looking for an MDR provider? Make sure you understand their onboarding process. Here are the questions you should ask when you’re evaluating MDRs. Bonus: learn how we do onboarding here at Expel.
Read More