Close this search box.

ROI in Cybersecurity: How to quantify something that doesn’t happen?


The best result of a well-executed cybersecurity strategy is basically a company with no disruption to its operations or systems in the event of an external threat. In other words, it is having an efficient cybersecurity ROI.

However, while this is undoubtedly a positive result, it can become a major challenge when it comes to proving ROI in cybersecurity.

With the lack of visible results to share, you may find yourself answering questions from business leaders about the true value of cybersecurity.

While preventing damage from cyber attacks should only be seen as a justification for investing in cybersecurity, if the result is invisible, the risk is that this investment will come under the spotlight and its validity will be questioned.

So, with cybersecurity investment spanning technology, people, and processes, how can you best demonstrate the tangible cybersecurity ROI of your investment in data protection and privacy?

ROI in cybersecurity, how do you quantify the value of something intangible?

Organizations make their investment and spending decisions by estimating ROI. If you, for example, spend $10 million developing a new product, you expect to make $100 million in profit. If you spend $15 million on a new IT system, you expect to achieve $150 million in productivity increases.

But if you spend $25 million on cybersecurity, what is the resulting value benefit to the organization?

Furthermore, how can you systematically and quantitatively determine which of the numerous cybersecurity tools and technologies available will provide your organization with the best possible increase in cyber resiliency for the money spent?

In 2017, IT security spending increased from 5.9% to 6.2% of total IT spending year over year, but in 2019, IT security spending fell to 5.7% of total IT investments.

The absence of tangible reasons to spend not only causes frustration among IT professionals, it also leaves organizations exposed to glaring cybersecurity flaws and malicious cybercriminals waiting for the right moment to strike.

After all, no leadership will make large investments in a strategy that does not have tangible returns.

How to calculate ROI in cybersecurity?

Firstly, ensure that you have a defined and layered security strategy in place to provide the best possible protection for company or financial reputation as a result of a cyber attack or breach.

Several examples from previous years have already shown the consequences of not keeping customers’ personal data protected from cyber threats, according to cybersecurity firm Coveware, for example, the average cost of a ransomware attack last year was $84,116, although some ransom demands were as high as $800,000.

Demonstrate competitive advantage

To truly demonstrate the value of your cybersecurity investment, be sure to emphasize the impact that effective security protocols have on the entire enterprise.

For many companies, cybersecurity is a prerequisite for business commitments and regulatory requirements, such as the General Data Protection Act (LGPD).

With good security credentials and robust processes, companies can open up markets and revenue streams that were previously impossible to reach, proving the long-term cybersecurity ROI of an investment in data protection and privacy.

Maximize your technology investment and ensure ROI in cybersecurity

A study done by IBM with 500 global organizations, including Brazil, and with more than 3,200 security professionals shows that the average cost of a data breach is $3.86 million.

The study also shows that technologies such as artificial intelligence (AI), machine learning, process automation with robots (RPA), analytics, and others can help the company save money in the event of a breach.

Maximizing your investment in cybersecurity is crucial to demonstrating ROI in cybersecurity. There are tangible ways to achieve this by generating greater efficiency, for example by reducing the time needed to eliminate the noise created by outdated technologies, especially when it comes to monitoring and response.

Outdated technology frameworks usually produce multiple alerts, which means that you need to review and apply your own knowledge before drafting a response.

However, developments in artificial intelligence now allow patterns and behaviors across technologies to be identified in real time, reducing the noise to a few actionable alerts.

Discover security and data protection solutions

The latest security, data protection, and data privacy solutions offer great benefits in terms of driving efficiency and demonstrating ROI in cybersecurity.

The IBM report also finds that companies with fully deployed security automation compared to those without it realize a cost savings of $3.58 million.

Readiness for incident response can also help keep costs down when responding to a data breach.

In fact, companies without an incident response team averaged $5.29 million in breach costs, compared to $2 million for companies that maintain an incident response team and simulations, according to IBM.

Therefore, by combining artificial intelligence, automation, and human analysis to detect and act on cyber threats, they can reduce cyber risk and the dwell time of breaches, allowing your staff to focus efforts on other areas.

Finally, consider adopting a protection framework that is available as a hybrid security operations center.

This gives you the flexibility to adapt it to your needs, while at the same time helping to develop the right skills internally in the company, again enabling consolidation of security vendors.


Earning Board Trust and Securing ROI in Cybersecurity

The methods and reasons for cyber attacks will continue to evolve and you need to make informed decisions about potential risks and mitigate them through the right security processes, technology, and controls.

While proving cybersecurity ROI has potentially been difficult for security teams historically, by implementing the right strategy, clear communication channels, and leveraging the right technologies such as security, data protection, and privacy solutions, this can be easily overcome.

Solutions like these help drive digital transformation across the enterprise, enabling your organization to adapt to the growing digital economy and face evolving threats with greater confidence.

And it is this business case that you can present to get the support of top management and the board.

CipherTrust: protect your company and maximize your ROI in cybersecurity

In the challenge of ensuring an efficient ROI in cybersecurity, companies can rely on the CipherTrust Data Security Platform solution, which allows companies to protect their structure against cyber attacks.

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables enterprises, seeking to improve their cybersecurity ROI, to protect data at rest and in motion across the IT ecosystem and ensures that the keys to this information are always protected and only under their control.

It simplifies data security, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio that ensures data protection

With CipherTrust Data Security Platform’s data protection products, your company achieves cybersecurity ROI in different ways:

Strengthen security and compliance

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.

Optimizes team and resource efficiency

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduces total cost of ownership

When it comes to cybersecurity ROI, CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.

About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Sobre o(s) autor(es):


Outras postagens