Corporate Security

How to Unlock the Value of a Security Investment

Posted January 15, 2019 by Resolver

The departmental battle for budget is never ending. Think about monthly leadership meetings, where each department head is trying to pitch why their project/software/ask from their team should come out on top. But the truth is, when presenting any sort of proposal to management, it’s usually the ones with the highest potential for profitability that win. That’s why it usually means that proposals brought forward by the “cost-centers” like the security team often lose.

That is unless the organization has faced a major event. In these instances, it’s easy to explain the value of investing in security.

For example, when a major pharmaceutical company has discovered counterfeit products being produced and sold with their name and logo. Along with lost revenue, counterfeits may impose other costs to the company such as increased costs to secure supply, reputational damage and the risk of liability should they cause any harm to users. If a company has not yet invested in anti-counterfeit technology, the case for investment is much easier after something like this happens.

But what about the forward-thinkers who haven’t experienced a significant event to make the case? That’s one of the reasons why security professionals have such a tough job. A job well done for them usually means that no one even knows that they’ve done their job.

Calculating the ROI of a New Investment

That said, we understand how challenging it can be to get approval for software that the leadership team might not see as critical to business performance. But, when it comes to the safety and security of your organization, can you really afford not to?

To help you make your case, we’ve developed an ROI calculator and an accompanying guide to help you think through the sources of value and do a rough quantification of the potential return. This exercise is an estimate of the potential return on your investment. Download this calculator to:

Identify the number of incidents that impact your organization
Realize the cost of those incidents
Calculate the potential ROI of investing in software

ROI = (Gain from investment – cost of investment) / Cost of investment

Get Resolver’s free return on investment tool here.

Key Metrics to Understand when Evaluating a Security Investment

It’s very common for us to see or hear something and quickly disassociate it from the possibility of it being reality for us. Like when we hear about a cyber breach that causes irreparable damage to an organization, or when a facility is victim to a physical security attack – we usually think “that won’t happen to us.” But in reality, we don’t know that it won’t. Experts warn us that we should be in the mindset of thinking less about IF something will happen, but WHEN.

Understanding the potential impact of events can save your organization from financial and reputational damage. Here are a few important things you should clearly understand about your organization:

Single loss expectancy: The expected amount of money that is lost during a single security incident (dependent on whether assets have been evaluated).
Annual rate of occurrence: The likelihood or probability of a security incident occurring in a year.
Annual loss expectancy: The total annual financial loss from security incidents. This is the number that demonstrates how much money can be lost by just maintaining business as usual.

A clear definition of each value above will help security teams to not only identify risks, but also identify controls and their potential impact on the entire organization.

Getting Stakeholder Buy-In for New Software

Even though corporate security teams are tasked with ensuring that all locations, people, and assets associated with organization are kept safe, secure, and protected, they usually receive minimal budget to do so. This is further complicated when these teams look to leadership to support them in their initiatives, especially when the ask is for software. Every business is inundated with priorities and burning issues at every corner. So, how do you ensure that your organization moves forward with the solution that will help you do your job more effectively and better protect the organization? By making a crystal-clear business case.

Building the Case for an Investment in Software

Imagine for a second, a world where you didn’t rely on Excel to produce, report on, and present incident reports. If you didn’t have to chase information, collate spreadsheets, comb through emails, and track down documents – what would you do with that extra time? With Resolver, users have access to quality, timely data so that they can drive actionable insight.

When building the business case for Incident and Investigations Management software, it’s imperative to highlight the opportunities hiding in the missed reporting. Not sure where to start? We’ve developed an ROI calculator to help you think through the sources of value and conduct a rough quantification of the potential return.

Cookie	Duration	Description
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
BIGipServersj13web-nginx-app_https	session	This cookie name is associated with the BIG-IP product suite from company F5. Usually associated with managing sessions on load balanced servers, to ensure user requests are routed consistently to the correct server. The common root is BIGipServer most commonly followed by a domain name, usually the one that it is hosted on, but not always.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
datadome	session	This is a security cookie set by Force24 to detect BOTS and malicious traffic.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
XSRF-TOKEN	6 months	This cookie is set by Wix and is used for security purposes.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__resolver-ref	session	This cookie is set by Resolver to ensure visitors receive unique content after submitting a form on our website.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
sp_landing	1 day	The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
sp_t	1 year	The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
ADRUM_BT1	past	This cookie is set by AppDynamics and is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
ADRUM_BTa	past	This cookie is set by AppDynamics and used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	16 years 2 months 17 days 10 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_4655365_4	1 minute	Set by Google to distinguish users.
_gat_UA-4655365-4	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_ga_VCHH3SM1QW	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_omappvp	11 years	The _omappvp cookie is set by OptinMonster to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie set by OptinMonster, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.

Cookie	Duration	Description
anj	3 months	AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
sa-user-id	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
sa-user-id-v2	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
uuid2	3 months	The uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetvid	1 year 24 days	This cookie is set by Bing to store and track visits across websites.

How to Unlock the Value of a Security Investment

Calculating the ROI of a New Investment

Get Resolver’s free return on investment tool here.

Key Metrics to Understand when Evaluating a Security Investment

Getting Stakeholder Buy-In for New Software

Building the Case for an Investment in Software

Try Resolver’s free return on investment calculator here.

About the Author

Related

Cookie	Duration	Description
33ff0b0c0c	session	No description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
AnalyticsSyncHistory	1 month	This cookie set by LinkedIn is used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries
AWSALBAPP-0	7 days	No description
AWSALBAPP-1	7 days	No description
AWSALBAPP-2	7 days	No description
AWSALBAPP-3	7 days	No description
debug	never	No description available.
DEVICE_INFO	5 months 27 days	No description
guestidc	session	This cookie is set by Jobvite.
li_gc	2 years	Set by LinkedIn and used to store consent of guests regarding the use of cookies for non-essential purposes
loglevel	never	No description available.
muc_ads	2 years	No description
rl_anonymous_id	never	No description available.
rl_user_id	never	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
visitorId	1 year	No description
_cfuvid	session	No description
_hjSessionUser_103316	1 year	No description
_hjSession_103316	30 minutes	No description
_smm_answers	session	No description
_smm_answers_text	session	No description