The Art and Science of Calculating ROI for Security Software: Is It Really A Risk Management Calculation?

Can enterprises and organizations really measure the Return on Investment in digital security solutions? It is not easy, but it is possible when the challenges being solved are looked at through different lenses.

Developing IT budgets for the new year is never easy, and it is especially hard for 2021, given the constant uncertainty we are facing in 2020, including the requirement to secure at-home working, where access to data is more difficult to safeguard.

When information security professionals recommend and request funding, they are always confronted with the question – how much will it cost, how much will it save, and why should we spend on this compared to other needs?

How long will it take for this investment to pay for itself, either in the form of new revenue or saved costs?

Security investments historically have never been intended to generate new revenue. That is changing, as more customers are insisting on security and as more “commerce” is happening in the cloud, with the exchange of data using APIs, for example. It is now possible to make the case that a more secure infrastructure and environment make platforms and digital services better for customers, and while that is a stretch to calculate, it is a growing reality.

Still, to a large degree, security professionals are paid to make sure nothing bad happens, and if it does, the issue will be resolved immediately.

The best cybersecurity solutions are often invisible to most, including the C-Suite and Board of Directors, but that is also changing dramatically. Board members are asking good questions, and CEOs are not limiting responsibility to a VP or Director of IT level person; rather, they are empowering CISOs, along with CMOs, CTOs, and COOs, because the threat risk has grown and high-profile cases are getting extreme media coverage, which has made some victims of breaches go bankrupt.

Hard numbers are available on the costs of many high-profile security breaches. The Target credit card breach cost the company over $300 million. Equifax has paid out over $650 million to settle claims over its massive data breach. Capital One’s 2019 breach cost over $300 million.

This week, Ironsphere, a New Jersey-based Privileged Access Management security software provider, introduced a Risk Management Calculator designed to determine the ROI based on specific attributes and levers.

“PAM is an information security and governance tool our clients use to prevent data breaches and attacks through the close and automated management of privileged accounts,” said Orhan Yildirim, CTO, Ironsphere. “A PAM solution consistently protects management accounts, controls privileged user access, enforces segregation of duties, logs user sessions and activities, provides accounting, compliance auditing, and operational efficiency, and helps to prevent security breaches, which have been documented to cost from $4M to $400M, depending on the number of records compromised and the value of the related data.”

Yildirim explained that IT managers and network administrators must efficiently secure access, control configurations, and log all activities in the data center or network infrastructure, where any failure to access privileged accounts could result in a material impact on business continuity.

Historically, organizations have invested in software and hardware focused on securing the perimeter of their networks, but today PAM plays a critical role in protecting assets and mitigating risk, given that 81% of all data breaches in 2019 were linked to lost or stolen user credentials, and 43% of successful breaches were linked to internal actors, according to the Verizon Data Breach Investigations Report (DBIR).

“As regulatory pressures mount, penalties rise, and reputational damage is done when breaches are made public, an investment in PAM goes beyond technical and tactical, to strategic and smart,” said Orhan Yildirim. “IT and OT teams, especially in large enterprises and government organizations, are under unprecedented pressure to keep work flowing, while protecting networks, applications, and data, and complying with increasingly complex regulations and avoiding large fines.”

When developing 2021 budgets and information security vendor ROI calculations, Yildirim said it is important to use all available data, both internal and external, to make the case. “Remind your management team and boards that there are several advantages: reducing labor costs and being able to track and respond using advanced automation while also insuring against reputational damage that could, in fact, be priceless.”

While cybersecurity has always been a concern, it has become increasingly significant in the recent past, with a higher frequency of incidents, including large attacks, which can have massive economic consequences and can even be deadly. Data, including healthcare data, is more valuable to cybercriminals than ever, but in the rush to digital transformation (and responses to crises, including the 2020 Covid-19 pandemic), organizations of all sizes are unintentionally opening themselves up to the largest source of data breaches.



Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Maurice Nagle

Special Correspondent
