INSIGHT | October 6, 2009
Determining ROI has always been a subjective, time-consuming process, but in the world of data security and privacy, is it really necessary in the first place? While it's certainly a best practice in marketing to analyze the cost of an ad campaign vs. the increase in top line growth as a result, in security, weighing cost vs benefit, not return (earnings) is key. Is it an investment? Of course, but the focus is solely on loss prevention and remediation.
"Cost vs. benefit" is a much different way to look at the heart of the matter, but in recent years, seems to be getting confused with "ROI" as a growing number of vendors bloat numbers to get the much-needed "return on investment" ratio articulated by security buyers.
Why not use a much simpler approach rooted in common sense and logic? After all, security and privacy pose a number of risks that are much harder to quantify, i.e. brand/reputational cost, decreased confidence among customers and partners, civil penalties, or the cost of protecting victims from identity theft, or changing their account information.
The recommended approach? Take a look at your organization, recent breaches, new legislation and evolving privacy laws and assess how much you would pay to prevent these costs.
How much would you pay to avoid a multi-million dollar penalty (H.R. 2221), $320+ million in breach-related costs (TJX), $12.6 million in costs, 50% reduction in stock price and market cap (Heartland Payment Systems), job loss, decreased market share, negatively impacted brand reputation or decreased customer confidence? Some of these numbers are very difficult to quantify, but large none the less.
According to The Ponemon Institute's "2008 Annual Study: Cost of a Data Breach", organizations average $202 per compromised customer record. Congress has also caught onto the fact that sensitive information, such as Personally Identifiable Information (PII), and Protected Health Information (PHI) is being disclosed at staggering rates without being reported. In addition to putting consumers at increased risk for identity theft, financial fraud and medical id theft, compromised data can incur a cost $5 million per state with a breach of as little as 455 individual records.
So how can your organization better evaluate needed security and intelligence solutions with an eye towards doing more with less? Take a holistic view of your organization from a risk, privacy, legal and security perspective, and don't get stuck in the vendor ROI trap. Truly analyze "cost vs. benefit".
If you’re really focused on generating return, it is possible. Pursue vendors that provide true business intelligence that could lead to cost saving opportunities.
Tiversa helps customers detect supply chain vulnerabilities and quantify global risk with actionable intelligence. By serving as a real-time security, compliance and policy audit, our services help organizations identify gaps and focus resources in an effort reinforce weak links internally, as well as other benefits.
You can negotiate cost-down savings with third parties that are in violation or those that are repeat offenders. Make it a point to understand what safeguards vendors take in protecting your company's data and build it into your SLA.
When a business unit can make the switch from cost-center to profit-center, not only will that group be looked at as innovative, but they will have even more budget in which to evaluate solutions.
|
|
| |
Key Takeaways
HOLISTIC VIEW | Get a complete view of your organization from a risk, privacy, legal and security perspective, and don't get stuck in the vendor ROI trap. Truly analyze "cost vs. benefit".
B.I. IS KEY | Pursue vendors that provide true business intelligence that could lead to cost saving opportunities. Tiversa helps customers detect supply chain vulnerabilities and quantify global risk with actionable intelligence. By serving as a real-time security, compliance and policy audit, our services help organizations identify gaps and focus resources in an effort reinforce weak links internally, as well as other benefits.
NEGOTIATE | You can negotiate cost-down savings with third parties that are in violation or those that are repeat offenders. Make it a point to understand what safeguards vendors take in protecting your company's data and build it into your SLA.
|
|
|
