Return on Investment

Forging a Better Understanding
of Security's True Worth

It is impossible to exactly calculate the extent to which the money you’ve spent on security has been worthwhile. Maybe your security measures prevented business-crippling incidents. Or maybe nothing would have happened anyway. Because of the difficulty in precisely measuring the value of security, it’s still common for senior management to perceive security as a cost center, and when times are tight, security budgets are often placed on the chopping block. This fact has long presented an obstacle to adequate and consistent spending on security services and projects.

A security operation cannot reach its maximum influence, efficiency, or effectiveness unless its value is recognized. Unfortunately, while many forward-facing companies now see the competitive advantage to a proactive security strategy, many company security representatives still report that company management fails to properly recognize security’s strategic value. Even at billion-dollar companies, adequate appreciation for security is hit-and-miss, and failure to appreciate security is the norm in many industries. The unfortunate fact is that the importance of security often rises and falls alongside management’s perception of the threat environment.

But security is too mission critical for this to persist. You can’t successfully operate a business without a sufficiently safe and secure environment and, in addition to preventing costly and disrupting events, effective security benefits companies in countless ways.

The actual impact can be significant, with those investors estimating an average decrease in stock price of 29% in the wake of a significant internal or external security incident in the last 12 months. — 2023 World Security Report, survey of 200 global institutional investors

Understand

Companies suffer a monetary loss in cases of employee fraud—that is obvious—but it typically will also experience other harms, such as a loss of customers. While hard to pinpoint, such ‘soft’ costs are often more damaging than direct losses. There is a wide range of indirect costs from security events that organizations should consider, from lower productivity to management distraction. Companies should extend this same mindset when examining the benefits of security, by assessing the collateral value of security activities.

Calculate

The answer to better understanding of security's value may not be to implement new programs or shift priorities, but to simply be more rigorous in documenting security activities and calculating their value. There is value in security, and while it can be hard to tally all its merits into a financial calculation, it is possible to capture many of the ways that security benefits a business and to communicate that value in making an effective case for security spending.

Communicate

The discrepancy between the perceived value of security and its real worth should propel stakeholders to become better communicators of security’s worth, extending talking points beyond how the function protects assets and relate the ways in which security crucially supports business activities. Communication about security is typically fear-based, but a communication plan designed to amplify the positive aspects of security can have more enduring value.

Maximize

Maximizing value from security expenditures requires appropriately aligning spending on security with the security needs of functional departments, so it is helpful to approach security from a business perspective and have business unit stakeholders identify what security services they require for success. Additionally, physical security performance measures will help to ensure accountability, prioritize security needs, and justify investment decisions to maximize available resources.

Get the Report