Cost-benefit analysis of IT security 

Share post

IT security has a problem: it doesn't make any profits. For many it is still too expensive. However, the benefits of cyber defense can be demonstrated by a cost-benefit analysis with an IT security platform. There are five factors that can do this. 

Without a doubt, cyber defense causes additional costs beyond the pure license price. Because security software is not only to be obtained and installed quickly. Overtime that takes up time resources can never be ruled out. Its benefits often only become apparent when IT teams are willing and able to work with it. Security must be resource intensive. It can, because its value is derived from five factors in a cost-benefit analysis:

Factor 1: Inexpensive foundation of the basic technologies

Even the underestimated and neglected standard technologies such as antivirus (endpoint protection) and firewalls not only cause costs. They are the basis for the automated defense against already known cyber attacks, which make up the unnoticed majority of actual attacks - because they are quickly repelled. But hackers like to take the easy route first and try the tools they know or have handy. They rightly suspect that a large proportion of IT administrators have not yet updated their systems. Classic tools therefore offer efficient off-the-shelf security against such attacks. Automated defense also avoids alarms due to defense routines that distract from the real new threats.

Factor 2: Platforms for lean IT security

The increasingly complex, really dangerous attacks cannot be defended by such a defense. They require interacting defense technologies. First of all, this increases the costs. However, this increase can be slowed down by platform architectures. The "price/performance ratio" of an IT security architecture depends above all on whether information about a system and its security situation is available in a centralized form and enables efficient defense.

Central manufacturer-independent platforms for Endpoint Detection and Response (EDR) or Extended Endpoint Detection and Response (XDR) therefore correlate information from different sources such as Office 365, cloud workloads, network, the Internet of Things hardware in the corporate network or Active Directory a central platform. New technology does not require the time-consuming and costly construction of new cyber security, but builds on what already exists. The integration of various security modules gives those responsible very quickly a comprehensive insight into the security situation. A comprehensive defense arsenal is available for a reasonable additional financial effort.

Factor 3: Added value through external helpers

Without outside help, companies are quickly overwhelmed. Because small and medium-sized companies are now becoming the target of complex multi-stage attacks. These can no longer be repelled by security tools alone. The IT administrator, who can only devote part of his working time to cyber security, often does not have the time to take defensive measures or has too little prior knowledge. Even staying up to date with the attacks costs him time and money. He therefore needs the help of a team of experts and usually at least one security analyst to evaluate the alarms and take further action. Anyone who buys the knowledge, expertise and, above all, time from external IT security analysts in the form of a managed detection and response service acquires shares in the cyber security specialists they are looking for.

These human resources and other tools required for incident response and security forensics generate costs. However, a defense guided by external security analysts - such as an SOC as part of a Managed Detection and Response (MDR) service - drives up the spiraling costs less than one might think. The following comparison calculation between a company's own SOC and an MDR SOC based on list prices of the services and technologies expresses this in figures.

How much does a SOC cost a self-operated company

🔎 Bitdefender's estimated cost of running an SOC in-house (Image: Bitdefender).

Only a 24×7 SOC provides the necessary protection, because cybercriminals operate at different times of the day. Compared to the internal SOC with an effort of more than 1,2 million euros over three years, independent of the number of users, an MDR service with an external SOC for 500 users including the purchased expertise costs only one tenth: Annually approx. 40.000 euros, 120.000 euros calculated over three years.

The cost difference between internal and external SOC becomes even greater when you consider that many vendors in the market often offer MDR licenses below list price. In addition, the personnel costs for a security analyst in your own SOC are very low at €60.000. In addition, given the lack of staff, it may not be possible to find and keep a suitable expert. After all, the number of staff is also set to the absolute minimum with three for 8×5 and five for 24×7 operation.

Small and medium-sized companies in particular can also save further costs with a Managed Security Service Partner (MSSP). Because they have the opportunity to allocate fixed costs to the various customers. In addition, the security of the company benefits from a partner who can transfer value-added knowledge to different customers profitably.

Factor 4: Entry ticket to insurance coverage

IT security at a current level is now a prerequisite for IT insurance cover and not only enables lower premiums. Insurance companies are increasingly demanding the use of various security technologies such as multi-factor authentication, antivirus, firewall and malware detection or endpoint detection and response (EDR). The demands of providers are constantly increasing and they are looking for formal criteria in order to be able to reject companies from the outset.

Factor 5: Offset the damage avoided

Jörg von der Heydt, Regional Director DACH at Bitdefender (Image: Bitdefender).

Despite all the often very academic attempts, IT security does not open up any actually verifiable return on security investment (ROSI). All attempts to calculate such remain in economic mathematics without any practical value. Above all, ransomware attacks that have been successfully repelled and linked to real costs cannot be accounted for, but would drastically increase the benefit factor of functioning IT security. This is where the statistics are confusing. If you evaluate the malware in the telemetry, ransomware - an undoubtedly significant danger - has only a negligibly small statistical share. Because in the vast majority of cases, the EDR successfully blocks the phishing Trojan, which is the prelude to many extortion attacks.

The calculation of possible damage is not easy. This includes not only the measurable theoretical production or service failures, but also the time-consuming recovery processes of encrypted or destroyed data. In addition, small and large companies have to meet stricter requirements regarding the availability of their services or products - as part of a supply chain or even a critical infrastructure. Penalties due in an emergency make this damage measurable. In view of the currently strained supply chains, there may even be economic damage. The loss of reputation and customers that is often sought can only be roughly estimated - but it is very real.

Cost-benefit analysis and damage calculation

The costs and benefits of cyber security and the damage to be avoided cannot simply be added up. But they cannot be argued away. Many market participants offer sufficient cyber defense technologies. IT security only develops its value thanks to comprehensive security platforms and services that orchestrate various IT security technologies. And through an individual analysis and management of IT security by external security experts. Aid creates benefit and investing in it creates value.

More at Bitdefender.com

 


About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de


 

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

Solar energy systems – how safe are they?

A study examined the IT security of solar energy systems. Problems include a lack of encryption during data transfer, standard passwords and insecure firmware updates. trend ➡ Read more

The True Cost of Ransomware

A cybersecurity solutions provider announced the results of its third annual ransomware study. The investigation carried out should provide information about which ➡ Read more