Return on investment is a complicated factor to determine, as is your relative level of security. Damages from a single incident cost SMEs an average of $38K. Stay competitive by prioritizing strategic security measures. Superior threat intelligence and breach detection will make you a less desirable target and give you peace of mind. Granted not every stakeholder sees value in peace of mind, so in order to get full support, make a case for the great ROI on a threat intelligence program.

Creating a solid cyber-security program requires an investment in software, its configuration, and staff to continually monitor and respond to the alerts. Even with an open source threat intelligence platform, there will be costs to justify. To determine ROI, one must determine overall investment of labor and capital against another figure that is harder to determine, the cost of events which were avoided.

Potential losses can only be estimated, but data and case studies from other successful breaches can form an educated guess about the severity of damages. Take stock of all your exploitable resources from workstation PCs up to your most guarded proprietary info and brainstorm the ways they may be exploited, stolen, sabotaged, etc. Estimate the cost of fixing the damages and consider the long term losses which could be sustained by losing a competitive advantage or losing the public’s trust in your brand.

Loss Per Incident X Yearly Incidents = ALE. To calculate ROI you must first calculate your annual loss expectancy.

Try not to become overwhelmed once you assign a reasonable cash value to each of these costs:


  • Investigating the breach
  • Recreating deleted, sabotaged, or otherwise compromised assets
  • Increase in liability insurance premiums
  • Making restitutions to those whose personal data was exposed
  • Fines and other liabilities resulting from negligence
  • Lost production during downtime
  • Labor and software expenses for scrubbing malware from each workstation
  • Rising cost of fees extorted with ransomware
  • Public relations experts to perform crisis communication



If you want job security, take a long term approach to your investment in threat intelligence. Some threats, like malware attacks, have quantifiable damages whereas other attacks cripple your operation on a bigger scale and are harder to calculate in the long run. What advantages would you lose if your competitor could benefit from your work without investing into its development? Think how tragic it would be if a preventable data breach were the turning point in your company’s downward trajectory. Other companies are taking heed; investment in IT security has increased 24% for business and government in 2015.

Before scoffing at the costs of a top notch threat intelligence program, remember that this knowledge wasn’t even available in the past. People spied on competitors and helped themselves to useful data, but there weren’t as many solid clues to their targets and identities before the Internet. History’s greatest captains of industry would surely have leaped at an opportunity to learn who has been sniffing around for secrets. Take a page from their book and pull out all the stops with regards to protecting your network.

Being able to see the ROI behind a product or service really brings the need even more to the surface. Now that you know there is ROI behind Threat Intelligence, learn how to build a threat intelligence program from scratch.