Have you ever faced a situation where you have been told that your security measures are too expensive? Or you find it very difficult to explain to your management what the consequences could be if an incident occurs? Proving that it is worth investing in security is tough, but our Return on Security Investment (ROSI) calculator can help you. It’s completely free.
The definition of Return on Security Investment is the following: ROSI = monetary risk mitigation − cost of control. Therefore, a security investment is judged to be profitable if the risk mitigation effect is greater than the expected costs. (Source: Christian Locher, Methodologies for evaluating information security investments, 2005).
Following that definition, here is how our ROSI calculator performs the Return on Security Investment analysis:
Step #1 – it calculates the cost of an incident by taking into account all the relevant costs if an incident occurs and the probability of incident occurrence.
Step #2 – it calculates the cost of security measure(s)/control(s), and the level to which the risk of this incident would decrease because of such mitigation.
The final result (after Step #2) is the calculation of whether the gain (the risk decrease) is higher than the needed investment (security measures/controls).