The Art and Science of Calculating ROI for Security Software: Is It Really A Risk Management Calculation?


Can enterprises and organizations really measure the Return on Investment in digital security solutions? It is not easy, but it is possible when the challenges being solved are looked at through different lenses.

Developing IT budgets for the new year is never easy, and it is especially hard for 2021, given the constant uncertainty we are facing in 2020, including the requirement to secure at-home working, where access to data is more difficult to safeguard.

When information security professionals recommend and request funding, they are always confronted with the question – how much will it cost, how much will it save, and why should we spend on this compared to other needs?

How long will it take for this investment to pay for itself, either in the form of new revenue or saved costs?

Security investments historically have never been intended to generate new revenue. That is changing, as more customers are insisting on security and as more “commerce” is happening in the cloud, with the exchange of data using APIs, for example. It is now possible to make the case that a more secure infrastructure and environment make platforms and digital services better for customers, and while that is a stretch to calculate, it is a growing reality.

Still, to a large degree, security professionals are paid to make sure nothing bad happens and, if it does, that the issue is resolved immediately.

The best cybersecurity solutions are often invisible to most, including the C-Suite and Board of Directors, but that is also changing dramatically. Board members are asking good questions, and CEOs are not limiting responsibility to a VP- or Director-of-IT-level person; rather, they are empowering CISOs, along with CMOs, CTOs, and COOs, because the threat risk has grown and high-profile cases are getting extreme media coverage, which has made some victims of breaches go bankrupt.

Hard numbers are available on the costs of many high-profile security breaches. The Target credit card breach cost the company over $300 million. Equifax has paid out over $650 million to settle claims over its massive data breach. Capital One’s 2019 breach cost over $300 million.

This week, Ironsphere, a New Jersey-based Privileged Access Management security software provider, introduced a Risk Management Calculator designed to determine the ROI based on specific attributes and levers.

“PAM is an information security and governance tool our clients use to prevent data breaches and attacks through the close and automated management of privileged accounts,” said Orhan Yildirim, CTO, Ironsphere. “A PAM solution consistently protects management accounts, controls privileged user access, enforces segregation of duties, logs user sessions and activities, provides accounting, compliance auditing, and operational efficiency, and helps to prevent security breaches, which have been documented to cost from $4M to $400M, depending on the number of records compromised and the value of the related data.”

Yildirim explained that IT managers and network administrators must efficiently secure access, control configurations, and log all activities in the data center or network infrastructure, where any failure to access privileged accounts could result in a material impact on business continuity.

Historically, organizations have invested in software and hardware focused on securing the perimeter of their networks, but today PAM plays a critical role in protecting assets and mitigating risk, given that 81% of all data breaches in 2019 were linked to lost or stolen user credentials, and 43% of successful breaches were linked to internal actors, according to the Verizon Data Breach Investigations Report (DBIR).

“As regulatory pressures mount, penalties rise, and reputational damage is done when breaches are made public, an investment in PAM goes beyond technical and tactical, to strategic and smart,” said Orhan Yildirim. “IT and OT teams, especially in large enterprises and government organizations, are under unprecedented pressure to keep work flowing, while protecting networks, applications, and data, and complying with increasingly complex regulations and avoiding large fines.”

When developing 2021 budgets and information security vendor ROI calculations, Yildirim said it is important to use all available data, both internal and external, to make the case. “Remind your management team and boards that there are several advantages: reducing labor costs and being able to track and respond using advanced automation while also insuring against reputational damage that could, in fact, be priceless.”

While cybersecurity has always been a concern, it has become increasingly significant in the recent past, with a higher frequency of incidents, including large attacks, which can have massive economic consequences and can even be deadly. Data, including healthcare data, is more valuable to cybercriminals than ever, but in the rush to digital transformation (and responses to crises, including the 2020 Covid-19 pandemic), organizations of all sizes are unintentionally opening themselves up to the largest source of data breaches.

Learn more about the complimentary assessment and download the white paper here

Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Maurice Nagle

Special Correspondent
