Those familiar with business concepts have long been exposed to “ROI,” or “return on investment.” Quite simply, it’s the benefit of an investment divided by the cost of the investment. In cyber security, however, the figure is not so clear-cut.
The space, once considered “fledgling” or siloed, and perhaps secondary, has now risen to prominence in the enterprise, as security teams ward off potent threats on a daily basis. Resource-constrained teams are monitoring the network, orchestrating incident response and communicating security posture to the board and upper management.
In the process, Chief Information Security Officers (CISOs) and the like are forced to translate technical detail into a “business” language of dollars and cents. The message as a whole could still fall on deaf ears, however, meaning stagnant security spend or a focus on rather fringe areas.
There are certainly a number of moving parts within the security question – especially as threats morph around the clock. For other areas of the business, ROI is communicated clearly and efficiently, as a percentage or ratio of the investment gain. When cyber…
