Blog

The ROI Behind Threat Intelligence

Joe Franscella
July 25, 2016
Table of contents
<p>Return on investment is a complicated factor to determine, as is your relative level of security. Damages from a single incident <a href="http://www.firstpost.com/business/smbs-lose-around-38000-in-every-cyber-attack-2515032.html" target="_blank">cost SMEs an average of $38K</a>. Stay competitive by prioritizing strategic security measures. Superior threat intelligence and breach detection will make you a less desirable target and give you peace of mind. Granted not every stakeholder sees value in peace of mind, so in order to get full support, make a case for the great ROI on a threat intelligence program.</p><p>Creating a solid cyber-security program requires an investment in software, its configuration, and staff to continually monitor and respond to the alerts. Even with an <a href="https://www.anomali.com/blog/category/open-source">open source threat intelligence platform</a>, there will be costs to justify. To determine ROI, one must determine overall investment of labor and capital against another figure that is harder to determine, the cost of events which were avoided.</p><p>Potential losses can only be estimated, but data and case studies from other successful breaches can form an educated guess about the severity of damages. Take stock of all your exploitable resources from workstation PCs up to your most guarded proprietary info and brainstorm the ways they may be exploited, stolen, sabotaged, etc. Estimate the cost of fixing the damages and consider the long term losses which could be sustained by losing a competitive advantage or losing the public’s trust in your brand.</p><p>Loss Per Incident X Yearly Incidents = ALE. To calculate ROI you must first calculate your annual loss expectancy. Try not to become overwhelmed once you assign a reasonable cash value to each of these costs:</p><ul><li>Investigating the breach</li><li>Recreating deleted, sabotaged, or otherwise compromised assets</li><li>Increase in liability insurance premiums</li><li>Making restitutions to those whose personal data was exposed</li><li>Fines and other liabilities resulting from negligence</li><li>Lost production during down-time</li><li>Labor and software expenses for scrubbing malware from each workstation</li><li>Rising cost of fees extorted with <a href="https://www.anomali.com/blog/targeted-ransomware-activity">ransomware</a></li><li>Public relations experts to perform crisis communication</li></ul><p>If you want job security, take a long term approach to your investment in threat intelligence. Some threats, like malware attacks, have quantifiable damages whereas other attacks cripple your operation on a bigger scale and are harder to calculate in the long run. What advantages would you lose if your competitor could benefit from your work without investing into its development? Think how tragic it would be if a preventable data breach were the turning point in your company’s downward trajectory. Other companies are taking heed; investment in IT security has <a href="http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html" target="_blank">increased 24% for business and government</a> in 2015.</p><p>Before scoffing at the costs of a top notch threat intelligence program, remember that this knowledge wasn’t even available in the past. People spied on competitors and helped themselves to useful data, but there weren’t as many solid clues to their targets and identities before the Internet. History’s greatest captains of industry would surely have leapt at an opportunity to learn who has been sniffing around for secrets. Take a page from their book and pull out all the stops with regards to protecting your network.</p><p>Being able to see the ROI behind a product or service really brings the need even more to the surface. Now that you know there is ROI behind Threat Intelligence, learn how to build a threat intelligence program from scratch.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-f68f0b2e-fb62-48eb-acd6-8b2ad6455083"><span class="hs-cta-node hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" data-hs-drop="true" id="hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3451}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=0a81b108-0c35-466f-8ccb-36ff661bc040&amp;placement_guid=f68f0b2e-fb62-48eb-acd6-8b2ad6455083&amp;portal_id=458120&amp;redirect_url=APefjpG4zevDWRodCNOEQoJEzProaDEEnRARtdIn7FHIYexdjXZkklcpBSD6QGnudJXGu1oggzhmuG3mwwc8CEmsSCtFUQia-Gfban-C_m1bXF3GGuhygkWbO7V4RveKOuVBHvtSVeYKWB4tmiKiREfO-35n7Nw4vsbxfeJAeorzH8Up9kgukUCx2P6jVtje8F9FXR--QBTNRuTfEihhNcEJYXGr0COuzk3HM47o_7orTewKtDqczmhmrpfbg5Znb85axJTpSXZoGZ6XWuYA5NDHSv47Kq0Hjxe-EmTIknPUzaJrp45HvK6jXDZuGkI56V1iyfqNSZq6rUN22F34OzQXRHyctrUNYw&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fthe-roi-behind-threat-intelligence&amp;canon=https%3A%2F%2Fblog.anomali.com%2Fthe-roi-behind-threat-intelligence&amp;pageId=4287718333&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&amp;__hssc=41179005.73.1478831861868&amp;__hsfp=1335165674" id="cta_button_458120_0a81b108-0c35-466f-8ccb-36ff661bc040" style="margin: 20px auto;" target="_blank" title="View It Here">View It Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'f68f0b2e-fb62-48eb-acd6-8b2ad6455083', {});</script> </span></p>
Joe Franscella

Joe Franscella is the former Vice President of Corporate Communications at Anomali.

Discover More About Anomali

Get the latest news about Anomali's Security and IT Operations platform,

SEe all Resources
No items found.
No items found.

Propel your mission with amplified visibility, analytics, and AI.

Learn how Anomali can help you cost-effectively improve your security posture.

July 25, 2016
-
Joe Franscella
,

The ROI Behind Threat Intelligence

<p>Return on investment is a complicated factor to determine, as is your relative level of security. Damages from a single incident <a href="http://www.firstpost.com/business/smbs-lose-around-38000-in-every-cyber-attack-2515032.html" target="_blank">cost SMEs an average of $38K</a>. Stay competitive by prioritizing strategic security measures. Superior threat intelligence and breach detection will make you a less desirable target and give you peace of mind. Granted not every stakeholder sees value in peace of mind, so in order to get full support, make a case for the great ROI on a threat intelligence program.</p><p>Creating a solid cyber-security program requires an investment in software, its configuration, and staff to continually monitor and respond to the alerts. Even with an <a href="https://www.anomali.com/blog/category/open-source">open source threat intelligence platform</a>, there will be costs to justify. To determine ROI, one must determine overall investment of labor and capital against another figure that is harder to determine, the cost of events which were avoided.</p><p>Potential losses can only be estimated, but data and case studies from other successful breaches can form an educated guess about the severity of damages. Take stock of all your exploitable resources from workstation PCs up to your most guarded proprietary info and brainstorm the ways they may be exploited, stolen, sabotaged, etc. Estimate the cost of fixing the damages and consider the long term losses which could be sustained by losing a competitive advantage or losing the public’s trust in your brand.</p><p>Loss Per Incident X Yearly Incidents = ALE. To calculate ROI you must first calculate your annual loss expectancy. Try not to become overwhelmed once you assign a reasonable cash value to each of these costs:</p><ul><li>Investigating the breach</li><li>Recreating deleted, sabotaged, or otherwise compromised assets</li><li>Increase in liability insurance premiums</li><li>Making restitutions to those whose personal data was exposed</li><li>Fines and other liabilities resulting from negligence</li><li>Lost production during down-time</li><li>Labor and software expenses for scrubbing malware from each workstation</li><li>Rising cost of fees extorted with <a href="https://www.anomali.com/blog/targeted-ransomware-activity">ransomware</a></li><li>Public relations experts to perform crisis communication</li></ul><p>If you want job security, take a long term approach to your investment in threat intelligence. Some threats, like malware attacks, have quantifiable damages whereas other attacks cripple your operation on a bigger scale and are harder to calculate in the long run. What advantages would you lose if your competitor could benefit from your work without investing into its development? Think how tragic it would be if a preventable data breach were the turning point in your company’s downward trajectory. Other companies are taking heed; investment in IT security has <a href="http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html" target="_blank">increased 24% for business and government</a> in 2015.</p><p>Before scoffing at the costs of a top notch threat intelligence program, remember that this knowledge wasn’t even available in the past. People spied on competitors and helped themselves to useful data, but there weren’t as many solid clues to their targets and identities before the Internet. History’s greatest captains of industry would surely have leapt at an opportunity to learn who has been sniffing around for secrets. Take a page from their book and pull out all the stops with regards to protecting your network.</p><p>Being able to see the ROI behind a product or service really brings the need even more to the surface. Now that you know there is ROI behind Threat Intelligence, learn how to build a threat intelligence program from scratch.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-f68f0b2e-fb62-48eb-acd6-8b2ad6455083"><span class="hs-cta-node hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" data-hs-drop="true" id="hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3451}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=0a81b108-0c35-466f-8ccb-36ff661bc040&amp;placement_guid=f68f0b2e-fb62-48eb-acd6-8b2ad6455083&amp;portal_id=458120&amp;redirect_url=APefjpG4zevDWRodCNOEQoJEzProaDEEnRARtdIn7FHIYexdjXZkklcpBSD6QGnudJXGu1oggzhmuG3mwwc8CEmsSCtFUQia-Gfban-C_m1bXF3GGuhygkWbO7V4RveKOuVBHvtSVeYKWB4tmiKiREfO-35n7Nw4vsbxfeJAeorzH8Up9kgukUCx2P6jVtje8F9FXR--QBTNRuTfEihhNcEJYXGr0COuzk3HM47o_7orTewKtDqczmhmrpfbg5Znb85axJTpSXZoGZ6XWuYA5NDHSv47Kq0Hjxe-EmTIknPUzaJrp45HvK6jXDZuGkI56V1iyfqNSZq6rUN22F34OzQXRHyctrUNYw&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fthe-roi-behind-threat-intelligence&amp;canon=https%3A%2F%2Fblog.anomali.com%2Fthe-roi-behind-threat-intelligence&amp;pageId=4287718333&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&amp;__hssc=41179005.73.1478831861868&amp;__hsfp=1335165674" id="cta_button_458120_0a81b108-0c35-466f-8ccb-36ff661bc040" style="margin: 20px auto;" target="_blank" title="View It Here">View It Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'f68f0b2e-fb62-48eb-acd6-8b2ad6455083', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.