Cyber tools that maximize ROI (maybe)

A new report by Ponemon Institute found that 70 percent of IT and security professionals believe return on investment metrics are important when selecting security technologies.  The ROI for different types of cybersecurity efforts, however, can vary tremendously: 

 

Security technologies with the highest ROI

Technology ROI
A. Identity & access management 31%
B. SIEM & security intelligence 29%
C. Encryption for data at rest 25%
D. Encryption for data in motion 25%
E. Anti-virus & anti-malware 25%

Security technologies with the lowest ROI

Technology ROI
F. Access governance systems 9%
G. ID & credentialing system 8%
H. Automated policy generation 8%
I. Firewalls (traditional) 7%
J. Perimeter or location surveillance 6%

The research, which was sponsored by Lockheed Martin, also found the real ROI was often difficult to determine -- 70 percent of respondents said it is difficult to accurately calculate the ROI of any given security solution.  And given that 64 percent of respondents listed cost as the most important factor when implementing a security technology, the imprecision of ROI calculations could play a role in projects being shelved almost as soon as they've begun.  

Compare the projected ROIs above with the types of security technologies most often "shelved" before or soon after deployment:

  • Data loss prevention (55 percent)
  • Identity and access management (51 percent)
  • SIEM and security intelligence (49 percent)
  • Web application firewalls (46 percent)
  • Intrusion and detection management (44 percent)

On the other hand, here are the top five security technologies least often shelved before or soon after deployment:

  • Traditional firewalls (5 percent)
  • Encryption for data at rest (8 percent)
  • Perimeter or location surveillance (9 percent)
  • Tokenization tools (10 percent)
  • Virtual private networks (11 percent)

Most respondents (77 percent), however, cited “the technology was overly complex and too difficult to operate” as the most frequent cause for shelving a security investment. Other contributors to early cancellation included a “lack of in-house expertise to deploy and operate the technology” (55 percent), “the technology was too expensive to maintain” (41 percent) and a “lack of vendor support and service” (27 percent).

Source: Risk & Innovation in Cybersecurity Investments

About the Author

Jonathan Lutton is an FCW editorial fellow. Connect with him at jlutton@fcw.com
