While there certainly are ways to detail the ROI of security, there’s still a lot of miscalculation that happens when it comes to the true cost of a security incident.
You’ve likely made the security pitch several times to management or the executive suite, and each time they directed investment dollars elsewhere. The CFO may have been the most resistant and ask “what’s the ROI?” which is a simple question but often tough to answer even for standard investments like product development. When it comes to security this can be an extremely daunting question that causes some reasonable frustration. There are ways, however, you can calculate the Security Return on Investment for review by finance and the executive team. It should be noted that while the method presented here is straightforward, there is a common behavior of miscalculation that happens in regards to cost of an incident. Read the full article at CSO Online.