How to Measure the Return On Investment (ROI) in Your CyberSecurity EnvironmentDefensive Cyber Security

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Cyber Security Defensive Cyber Security How to Measure the Return On Investment (ROI) in Your CyberSecurity Environment

This topic contains 0 replies, has 1 voice, and was last updated by  MD Khurshid Alam 2 years, 1 month ago.

Viewing 1 post (of 1 total)
  • Author
  • #100928

    MD Khurshid Alam

    How to Measure the Return On Investment (ROI) in Your CyberSecurity Environment

    May 25, 2017 by IRC Team in Blog
    The main concern of a business executive is a company’s profitability. Every day corporate executives make decisions where to invest company money by comparing the costs and benefits, seeking to understand their return on investment (ROI). Finding ways to keep cost down while getting the most out of your protection against cybersecurity breaches is a struggle for most businesses. To make matters worse, some organizations are setting up complex systems and defense mechanisms that can make ROI unquantifiable.

    Bottom line, good security means no financial, brand and image loss to a business. On the other hand, the financial impact of a successful breach can be deadly to a corporation. Potential cyber breaches and their consequences justify the upfront and ongoing expense required to prevent its occurrence. Businesses of all sizes and every industry get breached. The question is, how do businesses calculate and measure how much security is enough security? The good news is that with the right strategy, calculation and communication, understanding the ROI on your cybersecurity plan is entirely possible.

    First, there are costs involved in the overall implementation of a cybersecurity plan, such as monitoring systems and incident response software. These expenses can be easily measured.

    Secondly, recognizing and showing the benefits that can help strengthen a case for enhanced incident management can be very helpful. Far too often, cybersecurity measures focus squarely on prevention, when in reality it’s the remediation that can truly quantify the return. In reality, it is not the attack that is costly; but rather the expense involved in identifying, isolating, and resolving the issue before it has a chance to cause any damage.

    The majority of large corporations today find out that attacks are usually coming from their bank or a third party vendor. Using outside sources to detect breaches takes a greater amount of time than having products you can use in-house. Cybersecurity breaches happen in mere minutes. The gap between a compromise and detection is alarming, to say the least, and that’s without taking into account the amount of time it takes to recover. Most of the mean time to resolution (MTTR) is spent determining the actual problem, and the remainder is spent fixing the damages and resolving the problem.

    With the right technology and tools, there can be significant savings in MTTR alone. Keeping in mind that the type and severity of incidents will vary, it is essential to rank the incidents by resolution time and cost. The costs associated with support personnel may also vary based on level and skillset. Once you conduct an initial assessment and use the formula of Annual Cost of Incidents X Reduced Time to Resolution (%) = Annual Savings you can potentially save about 50-75 percent with your tools.

    Currently, IT executives understand the importance of investing in cybersecurity; the problem occurs when they need to convince other executives and corporate leadership.

    An important element of ensuring that all your tools are operating to maximum capacity is to get a Security Orchestration Automation Response (SOAR) product, like CyberSponse. This will help you create playbooks, which in turn help you assess what tools you will need and be ready whenever an attack is to follow. You will need the best of the best in the category, CyberSponse.

    CyberSponse Inc., a global leader in cybersecurity automation and orchestration, helps accelerate an organization’s processes, security operations teams and incident responders. The CyberSponse platform enables organizations to seamlessly integrate, automate and playbook their security tool stack, enabling better, faster and more effective security operations. With a global presence, offering an enterprise platform, CyberSponse enables organizations to secure their security operations teams and environments. For more information, visit

    For more on Cyber Incident Response and how to use playbooks in your organization please check out our other website:

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?