How To Show Your Board That Cyber Security Solutions are NOT Expensive!

*This article originally appeared on LinkedIn here.

proving IT solutions isn't that expensive

This is not clickbait! – From my personal experience in cyber security and the insights from Boardish I have noticed a very clear analytical insight:

MOST Solutions costs are usually less than 1% of the overall financial impact of the threat.

Allow me to demonstrate using the most simple “threat example” – Data Breach as threat and GDPR as the financial impact.

For the sake of the example, I am going to ignore “Sales Loss” and “Salary Loss”, only focusing on the Regulation Impact and the Market Loss to make it easier:

Our test company will have the following info:

  • Turnover – 50,000,000 USD
  • Employees – 500
  • 1 Year to recover from losing market position
Company Info
 

Year to recover

The Only Threat that we will use in this example is Data Breach:

 

Threat

The Solution in this example will be Microsoft Azure Information Protection P2 (AIP P2) , because it has a very clear “per-user cost” and a very clear value and track record against Data Breaches. The cost per user is $5, so the yearly cost per user is 5 X 12 = $60

* Note that the standalone version of AIP P2 is not the most cost-effective way to purchase this but for this example, I wanted to show an exaggerated case.

 
TPF1

For this example I will provide 50% on-prem & Cloud efficiency

 

TPF

We can’t quantify a solution cost without the professional Labour involved in deploying and maintaining the tool, so I am using the following hourly rates similar to those of an IT service provider:

 
Hrly Rates

For this example, I am assuming that we need to do a full design and deployment project and then hand it over to the 1st & 3rd level IT team for ongoing maintenance.

  • 25 Hours of a Cyber Security Specialist to design the solution
  • 200 (yearly) Hours of 3rd Level IT for Admin level deployment & Maintenance
  • 180 (Yearly) Hours of 1st Level IT for more basic level maintenance
ExpertCosts

I am setting the Data Breach as a High GDPR regulation impact (which it is for most companies nowadays)

 
Regulation

And now let’s analyze the Boardish Dashboard:

  • We are filtering to only show the Regulation impact & Market Loss
  • The Total Threat of a Data Breach is $65.0M ($20M is Regulation and $45M is Market Loss)
  • The Total solution cost is $64K

The Total Solution Cost is 0.98% from the Total Threat Cost!

Dashboard

So the next time you’re trying to get your solutions approved by the board, show them how little it is in relation to the threat factor!

Eli Migdal – The Founder of Boardish

Show the true cost of cyber security

Explain why solutions are actually NOT expensive to a non-techy audience. 

Share this: