Why Security is Viewed as a Negative ROI

in security •  3 months ago


Story Link: https://securityintelligence.com/news/more-than-a-quarter-of-executives-view-security-investments-as-having-a-negative-roi/

Not a surprise that more than a quarter of executives see security as a negative ROI. I think the simple answer is they are not measuring it correctly. Not faulting them, as ROSI (Return on Security Investment) is a very difficult beast to corner and quantify with any accuracy. Traditional ROI methods and tools are not as effective for cybersecurity as they are for other traditional project management use cases where the value and costs can easily be quantified.

But here is the kicker: just because they could not quantify the ROI to determine the value, they likely still went forward with instituting some security. This is a good first step, because it is unrealistic to apply the same decision criteria methodology when the ROSI can't be determined. We must think outside the box and, if necessary, use qualitative measures and metrics to move closer to the optimal level of security that balances risks, costs, and usability.


It is tough to manage what you cannot measure.

I agree it is tough to measure, until you have a breach and the numbers are very easy to determine...