This post was originally published on IT Pro Today
Measuring most types of return on investment (ROI) is relatively straightforward: You compare the cost of what you spent to the value of what you gained in return.
However, calculating cybersecurity ROI presents a big challenge: It’s not always clear how much value cybersecurity investments create because when the investments are effective, nothing happens — meaning no security breaches occur. And you can’t easily quantify the monetary value of nothing.
But that doesn’t mean it’s impossible to measure cybersecurity ROI in a meaningful way. The numbers may always be a bit hazier than more concrete forms of ROI, but nonetheless businesses can — and should — attempt to determine how much monetary value their cybersecurity investments yield.
Why Cybersecurity ROI Is Hard to Calculate
Quantifying the total cost of cybersecurity investments — which have long been at the top of most companies’ IT spending priorities — is easy enough. It entails adding up the cost of the hardware resources, software tools, and personnel (including both internal employees and any outsourced cybersecurity services) that an organization deploys to mitigate security risks.
But determining how much value those investments yield is where things get tricky. This is primarily because, again, the goal of cybersecurity investments