About the Author
How to Unlock the Value of a Security Investment
Modified March 16, 2022 By Resolver
The departmental battle for budget is never ending. Think about monthly leadership meetings, where each department head is trying to pitch why their project/software/ask from their team should come out on top. But the truth is, when presenting any sort of proposal to management, it’s usually the ones with the highest potential for profitability that win. That’s why it usually means that proposals brought forward by the “cost-centers” like the security team often lose.
That is unless the organization has faced a major event. In these instances, it’s easy to explain the value of investing in security.
For example, when a major pharmaceutical company has discovered counterfeit products being produced and sold with their name and logo. Along with lost revenue, counterfeits may impose other costs to the company such as increased costs to secure supply, reputational damage and the risk of liability should they cause any harm to users. If a company has not yet invested in anti-counterfeit technology, the case for investment is much easier after something like this happens.
But what about the forward-thinkers who haven’t experienced a significant event to make the case? That’s one of the reasons why security professionals have such a tough job. A job well done for them usually means that no one even knows that they’ve done their job.
Calculating the ROI of a New Investment
That said, we understand how challenging it can be to get approval for software that the leadership team might not see as critical to business performance. But, when it comes to the safety and security of your organization, can you really afford not to?
To help you make your case, we've developed an ROI calculator and an accompanying guide to help you think through the sources of value and do a rough quantification of the potential return. This exercise is an estimate of the potential return on your investment. Download this calculator to:
- Identify the number of incidents that impact your organization
- Realize the cost of those incidents
- Calculate the potential ROI of investing in software
ROI = (Gain from investment – cost of investment) / Cost of investment
Get Resolver’s free return on investment tool here.
Key Metrics to Understand when Evaluating a Security Investment
It’s very common for us to see or hear something and quickly disassociate it from the possibility of it being reality for us. Like when we hear about a cyber breach that causes irreparable damage to an organization, or when a facility is victim to a physical security attack – we usually think “that won’t happen to us.” But in reality, we don’t know that it won’t. Experts warn us that we should be in the mindset of thinking less about IF something will happen, but WHEN.
Understanding the potential impact of events can save your organization from financial and reputational damage. Here are a few important things you should clearly understand about your organization:
- Single loss expectancy: The expected amount of money that is lost during a single security incident (dependent on whether assets have been evaluated).
- Annual rate of occurrence: The likelihood or probability of a security incident occurring in a year.
- Annual loss expectancy: The total annual financial loss from security incidents. This is the number that demonstrates how much money can be lost by just maintaining business as usual.
A clear definition of each value above will help security teams to not only identify risks, but also identify controls and their potential impact on the entire organization.
Getting Stakeholder Buy-In for New Software
Even though corporate security teams are tasked with ensuring that all locations, people, and assets associated with organization are kept safe, secure, and protected, they usually receive minimal budget to do so. This is further complicated when these teams look to leadership to support them in their initiatives, especially when the ask is for software. Every business is inundated with priorities and burning issues at every corner. So, how do you ensure that your organization moves forward with the solution that will help you do your job more effectively and better protect the organization? By making a crystal-clear business case.
Building the Case for an Investment in Software
Imagine for a second, a world where you didn’t rely on Excel to produce, report on, and present incident reports. If you didn’t have to chase information, collate spreadsheets, comb through emails, and track down documents – what would you do with that extra time? With Resolver, users have access to quality, timely data so that they can drive actionable insight.
When building the business case for Incident and Investigations Management software, it’s imperative to highlight the opportunities hiding in the missed reporting. Not sure where to start? We’ve developed an ROI calculator to help you think through the sources of value and conduct a rough quantification of the potential return.