• HOME
  • ▸ sponsored
  • ▸ Industry Voice: Return on investment in cybersecurity must be a priority for 2025

Industry Voice: Return on investment in cybersecurity must be a priority for 2025

A lock on a computer chip AI-generated content may be incorrect.

  • Return on security investment is measured by reducing cyber risks, preventing financial losses, and increasing company reputation.
  • In an information security incident, direct and indirect costs must be considered.
  • According to research commissioned by Akamai, solutions such as microsegmentation can have a return on investment of up to 152%.

In 2024, the average cost of a data breach in Latin America was $2.76 million, as breaches became more disruptive and demands on cybersecurity teams increase. Against this backdrop, many organisations in the region are unaware of the financial implications of cyber risk, which prevents them from efficiently communicating cyber threats to members of the organisation.

Oswaldo Palacios, Senior Account Manager for Akamai Latin America, highlighted that organisations suffer from constant cyber threats. In fact, Latin America is the fastest growing region in disclosed cyber incidents with an average annual growth rate of 25% in the last decade according to the Cybersecurity Economics for Emerging Markets for 2024 Latin America and the Caribbean. “It is crucial that companies invest in cybersecurity to protect their digital assets and maintain the trust of their customers. But in addition, it is important that companies know how to quantify the value of cybersecurity,” he highlighted.

Palacios indicated that calculating return on investment (ROI) is essential for making correct decisions, since it provides a clear view of whether an investment is profitable. He emphasised that in cybersecurity, ROI is measured based on the reduction of cyber risks, the prevention of financial losses by avoiding the theft of sensitive data, fraud or interruptions of operations, and the improvement of the reputation of the company, considering that a security breach can undermine customer trust, affecting sales and brand value in the long term.

Seeking approval for projects from senior management can be a challenge, even more so when it comes to information security initiatives. Therefore, measuring the return on security investment (ROSI) will allow us to demonstrate the value obtained from investments made in security. This becomes important if you take into account that of the 39% of organisations suffered cyberattacks during the last year, almost half (45%) failed to measure the economic impact of these incidents, according to the recent study Impact of financial crimes in Mexico 2024 from KPMG Mexico.

According to Palacios, in an information security incident, direct costs such as system recovery costs, crisis management, legal support, and communication specialists should be considered. Indirect costs must also be anticipated, including recovery times ,and compensation to affected clients or users.By reducing costs associated with security incidents, improving customer trust, and complying with regulations, a company can see tangible benefits in its financial results.

A study conducted by Marsh and Microsoft on the State of Cyber Resilience found that only 26% of organisations use a quantitative method to measure their exposure to cyber risk. At the regional level, organisations in Latin America and the Caribbean are more likely to use qualitative evaluation methods.

Microsegmentation, an example of an effective ROSI

How can you be sure that an investment in cybersecurity is paying off and more financial resources can be from senior management to safeguard the daily operation of an organisation? The answer lies in evaluating the ROI and measuring its impact.

Palacios pointed out that ROSI is not measured in the income it generates, but in the losses it avoids. According to the new report The Forrester Total Economic Impact of Guardicore, with a microsegmentation solution organisations can reduce their incident management efforts, optimise operations to require fewer cybersecurity resources, and improve visibility and control, all while achieving a 152% return on investment.

The study also highlighted that organisations can minimise their attack surface, resulting in a reduction in downtime and an increase in revenue retention of 1.4% to 2% over a three-year period, respectively. Furthermore, organisations’ security operations (SecOps) and network operations (NetOps) teams can detect and respond to potential threats more quickly and effectively.

“It also highlights more than $2.9 million saved by reducing or eliminating legacy systems, as with this security solution a company can manage its existing firewalls in a more granular way by reducing its East-West firewall footprint, improving network visibility, and ensure network continuity and security,” said Palacios.

Furthermore, with this Microsegmentation solution, fewer cybersecurity resources are required, resulting in organisation needing 33% fewer cybersecurity professionals, generating savings of almost $1.4 million dollars in three years.

Finally, Palacios stressed that the best defence against cyber threats is a proactive and preventive security strategy, where ROI is taken into account as one of the key parameters to evaluate the cost-benefit of the investment.

This article is sponsored by Akamai

Close