News
Commentary
10/17/2003
05:31 PM
Stephanie Stahl
Stephanie Stahl
Commentary
50%
50%

Editor's Note: Let Common Sense Guide Security ROI

I got another letter from a reader the other day telling me that companies will always consider security a "grudge" spend, despite the increasing awareness of the need to protect our computers, networks, and information. Why? Because there's no demonstrable ROI for executives making purchase decisions.

I don't buy it. Granted, I'm not aware of a lot of formulas out there showing that if you purchase X amount of intrusion-detection systems you'll save X amount of money and increase revenue by X percent. How much value can you place on protecting proprietary business intelligence or customer information or intellectual property? How much value can you place on your company's reputation as one that is safe to do business with? Well, it's not a scientifically derived answer, but I'd calculate a heck of a lot of value.

An executive from a security vendor told me recently that part of the problem is that there are so many potential vulnerabilities, threats, patches, etc., that people often don't know how to prioritize. Good point. Here's something to consider.

A University of Maryland study, led by professor Lawrence Gordon, reveals that cybersecurity breaches related to confidential information reduce the expected stock-market value of a firm by an average of 5%. The business-school research team argues that companies need to apply economic concepts to figure out the right amount of investment in information security and the most appropriate way to allocate it. So, you may want to consider investing more in technology that will help you protect your confidential information than in warding off denial-of-service attacks. Applying economic concepts to information security could go a long way toward demonstrating ROI. And so could a little common sense about how much value there is in protecting your assets.

Stephanie Stahl
Editor
sstahl@cmp.com


To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.