Secure360

Calculating your security ROI

June 10, 2015 by Secure360 and UMSA


As we have mentioned before, the Year of the Data Breach has had one positive effect—companies, and especially CEOs, are taking cybersecurity more seriously. And these stakeholders and CEOs want one thing—numbers.

As Andrew Plato said in his UMSA WebTracks webinar on communicating risk to executive leadership, “Language not only affects comprehension, but also acceptance.” If you want your company to invest in cybersecurity, you need to communicate with them in their language.

Cybersecurity ROI

When calculating security ROI—often referred to as return on security investment (ROSI)—you need to focus on two areas of value: qualitative and quantitative.

Qualitative value

One way you show value is through qualitative ROI. Qualitative value is subjective and cannot be measured in dollar amounts.

When assessing qualitative ROI, start by looking at the processes that generate value for your business, such as store sales, customer loyalty and the thing that makes your company different from the competition (customer service, recipes, etc.). Then ask: how is your department contributing to the success of these processes? Are you protecting client data, which in turn makes them loyal? Are you protecting the secrets that allow your company to differentiate itself from the competition? This is qualitative value you need to share with stakeholders.

Here are a few other questions to help you identify your qualitative value:

  • If you stopped certain processes, who would notice?
    • Who would be affected?
    • Could it affect stock prices or create legal issues?
  • What information would hackers want from your company? What are you doing to protect that data?

Quantitative value

Quantitative value is what most people think of when they think of ROI – numbers and dollar amounts.

On the most basic level, quantitative value is expressed by subtracting the cost of the investment from the gains of the investment. One example could be an app you helped set up for your company. Subtract how much it cost to create the app and monthly maintenance fees from the total sales the app has generated and you have ROI.

Here are a few other questions you can ask to identify quantitative value:

  • Have you cut back on vendors? How much are you saving?
  • Have you received more value from a vendor without increasing costs? How much would the increased value have cost?
  • Have you reduced redundancy in your department? How much time has been saved?
  • Have you repurposed technology? How much has that saved?
  • Did you repair versus replace a piece of hardware? How much money did you save?

Here is the reality of business—no ROI, no investment. No company is going to invest blindly, so show your CEO and stakeholders what cybersecurity is doing for the company and explain why it matters.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
