Editor's Note: Let Common Sense Guide Security ROIEditor's Note: Let Common Sense Guide Security ROI

I got another letter from a reader the other day telling me that companies will always consider security a "grudge" spend

Stephanie Stahl, Contributor

October 17, 2003

2 Min Read
information logo in a gray background | information

I got another letter from a reader the other day telling me that companies will always consider security a "grudge" spend, despite the increasing awareness of the need to protect our computers, networks, and information. Why? Because there's no demonstrable ROI for executives making purchase decisions.

I don't buy it. Granted, I'm not aware of a lot of formulas out there showing that if you purchase X amount of intrusion-detection systems you'll save X amount of money and increase revenue by X percent. How much value can you place on protecting proprietary business intelligence or customer information or intellectual property? How much value can you place on your company's reputation as one that is safe to do business with? Well, it's not a scientifically derived answer, but I'd calculate a heck of a lot of value.

An executive from a security vendor told me recently that part of the problem is that there are so many potential vulnerabilities, threats, patches, etc., that people often don't know how to prioritize. Good point. Here's something to consider.

A University of Maryland study, led by professor Lawrence Gordon, reveals that cybersecurity breaches related to confidential information reduce the expected stock-market value of a firm by an average of 5%. The business-school research team argues that companies need to apply economic concepts to figure out the right amount of investment in information security and the most appropriate way to allocate it. So, you may want to consider investing more in technology that will help you protect your confidential information than in warding off denial-of-service attacks. Applying economic concepts to information security could go a long way toward demonstrating ROI. And so could a little common sense about how much value there is in protecting your assets.

Stephanie Stahl
Editor
[email protected]

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Read more about:

20032003

About the Author

Stephanie Stahl

Stephanie Stahl

Contributor

See more from Stephanie Stahl
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports