How to Quantify The ACTUAL Cyber Solution Cost For Your IT & Cyber Budget

How to Quantify The ACTUAL Cyber Solution Cost For Your IT & Cyber Budget

In many cases, the pricing of cyber security solutions is not clear in the budget, or even worse, it is not an accurate representation of the real cost to the business! Which usually makes your C-Suite (particularly the CFO) extremely unhappy.



But it is our job as cyber security professionals to get to the most precise overall yearly cost of each solution.


We must quantify in order to get approval.


In this article, I am going to use the Microsoft E5 package as an example. It’s

  1. $35 per user monthly
  2. $420 Annually per user
  3. And for our example, we will assume the company has 1000 users.

Therefore the Annual cost of Microsoft E5 for 1000 users is: $420,000


But can you really say to your C-Suite that the Microsoft E5 Solution will cost the company only $420,000?

No ! it is not the “REAL” price.


So, what is missing and how do we get to the real/full price?


What is most commonly forgotten is the ‘people power’ for implementing these solutions. So, you need to quantify the hourly rates for both internal employees and external consultants:


  1. Cyber Security Expert (CISO or Equivalent) – mostly for the solution design and architecture.
  2. IT Management Expert – for the IT system design requirements
  3. 3rd Level IT Expert – For Implementation and High-Level Support
  4. 2nd Level IT Expert – Support
  5. 1st Level IT Expert – Support

* Screenshot from the BOARDISH application

With the rates set you’ll need to look at:


  1. How Many Hours annually are required to Design the solution architecture?
  2. How Many Hours annually are required to Deploy the Solution?
  3. How Many hours annually are required to Support the solution in the POC and POV stages?
  4. How Many hours annually are required to Support the solution after moving to production( Day To Day )

* Screenshot from the BOARDISH application


After you have qualified the initial design cost and ongoing maintenance cost, then, only then you will start to see the real cost of the solution.


Also, it’s important to remember that the amount of “Expert time” depends very much on the ability of your IT & Cyber team and how quickly they can learn. In many cases, the learning time of a new tool can surpass the amount of time to implement it, which can make it even more expensive.


Once you have the solution cost – we highly recommend showing it as part of your Cyber Security ROI (Return on investment), based on our experience it increased the chances of getting your solution cost approved by the C-Suite by 71%!


In this article below we show you exactly how to do that!


How to show ROI for Cyber Security

Eli Migdal – Co-Founder of Boardish.

Quicker IT & CYBER Budget Approvals

When technology meets 'bottom line'. There's Boardish.

Get the pragmatic guide to cyber risk quantification