What Is Your Equation?

Security is an immense, complex beast of a concept that is difficult to understand and impossible to quantify.

That must drive CIO/CTO/Security folks nuts.

At the end of the day, security has to be budgeted just like everything else and yet there are so many aspects to it, so many attack vectors – from the physical to the cyber; from the outside to internal – that properly calculating the ROI appears to be an impossible mission.

If you are wondering about the ROI, a business has to balance the cost of security against the impact of an exploit.  It might be great to have the best security for every possible attack but spending $10B to protect $10M in assets makes no sense.

At Bear, we completely understand the need to find some level of sanity when it comes to protection but we do not know how you calculate your risk protection efforts’ ROI.  If you are a CXO, in charge of securing your enterprise or involved in security buying, selling or consulting, we would love to hear from you.

How do you think about security from a cost perspective and how do you calculate what you will spend on risk mitigation and where you will spend that money?