How To Show Your Board That Cyber Security Solutions are NOT Expensive!

proving IT solutions isn't that expensive

How To Show Your Board That Cyber Security Solutions are NOT Expensive!

*This article originally appeared on LinkedIn here.

proving IT solutions isn't that expensive

This is not clickbait! – From my personal experience in cyber security and the insights from Boardish I have noticed a very clear analytical insight:


MOST Solutions costs are usually less than 1% of the overall financial impact of the threat.


Allow me to demonstrate using the most simple “threat example” – Data Breach as threat and GDPR as the financial impact.


For the sake of the example, I am going to ignore “Sales Loss” and “Salary Loss”, only focusing on the Regulation Impact and the Market Loss to make it easier:


Our test company will have the following info:

  • Turnover – 50,000,000 USD
  • Employees – 500
  • 1 Year to recover from losing market position
Company Info

Year to recover

The Only Threat that we will use in this example is Data Breach:



The Solution in this example will be Microsoft Azure Information Protection P2 (AIP P2) , because it has a very clear “per-user cost” and a very clear value and track record against Data Breaches. The cost per user is $5, so the yearly cost per user is 5 X 12 = $60


* Note that the standalone version of AIP P2 is not the most cost-effective way to purchase this but for this example, I wanted to show an exaggerated case.


For this example I will provide 50% on-prem & Cloud efficiency



We can’t quantify a solution cost without the professional Labour involved in deploying and maintaining the tool, so I am using the following hourly rates similar to those of an IT service provider:

Hrly Rates

For this example, I am assuming that we need to do a full design and deployment project and then hand it over to the 1st & 3rd level IT team for ongoing maintenance.

  • 25 Hours of a Cyber Security Specialist to design the solution
  • 200 (yearly) Hours of 3rd Level IT for Admin level deployment & Maintenance
  • 180 (Yearly) Hours of 1st Level IT for more basic level maintenance

I am setting the Data Breach as a High GDPR regulation impact (which it is for most companies nowadays)


And now let’s analyze the Boardish Dashboard:

  • We are filtering to only show the Regulation impact & Market Loss
  • The Total Threat of a Data Breach is $65.0M ($20M is Regulation and $45M is Market Loss)
  • The Total solution cost is $64K

The Total Solution Cost is 0.98% from the Total Threat Cost!


So the next time you’re trying to get your solutions approved by the board, show them how little it is in relation to the threat factor!

Eli Migdal – The Founder of Boardish

Quicker IT & CYBER Budget Approvals

When technology meets 'bottom line'. There's Boardish.

Get the pragmatic guide to cyber risk quantification