Quantifying ROI in Cybersecurity Spend


You cannot separate cost and value in business: value is used to justify cost. Business value is measured by the return on investment (ROI) from cost. By understanding current ROI it is easier to justify future cost because you know the value. But this is a problem: how do you measure or quantify ROI in cybersecurity spend?

The problem

“A good day in security is when nothing bad happens,” says Sounil Yu, CISO at JupiterOne. The problem for understanding ROI is why did nothing bad happen? Was it luck, and on that day, you were not attacked by an elite hacker?