Justifying Security ROI: Are you making these mistakes?


Have you ever wondered why your security project didn’t get approved? Maybe you made one or more of the mistakes often made by security and facility managers during security ROI presentations:


MISTAKE 1: Your total cost of ownership analysis is incomplete.

One of the most common mistakes of security managers is to focus on just the direct costs of a security project. This is a great way to ensure that you are not taken seriously by budget decision makers. When preparing presentations on total cost of ownership (TCO), make sure you include evaluations of all costs associated with the security project, including indirect, direct, one time and recurring costs, as well as operating costs, time costs, required manpower, etc.

MISTAKE 2: You didn’t make the business case

It is easy to justify security projects in terms of security measures and risk mitigation. But for many people, security is another inconvenient layer of cost for an organization, so focusing on security issues may not be enough to make a compelling case. It is equally important that you emphasize the economic benefits of a security project as well.


A useful tip: try not to use the word “security” too much in ROI presentations; focus instead on the business outcomes of the security plan, and how they are relevant to the goals of each of the project stakeholders.

MISTAKE 3: You included TOO MUCH financial detail

Detailed analysis that includes sophisticated financial concepts might seem like a good way to strengthen the case for security ROI. But don’t forget that you are talking to specialists in finance that probably have a greater understanding of these concepts than you do. Too much detail may take you out of your comfort zone; make a mistake and you’re done. The best way to avoid this is to include a level of financial analysis in your presentation that you can discuss comfortably.

MISTAKE 4: You used the ROI model provided by your security product vendor

Detailed product ROI models provided by security vendors may seem like a useful tool, especially when time is short and deadlines are near. But remember to treat any ROI model provided by a security product vendor with caution, as this vendor has an agenda and their recommendations may be biased.


Instead, use ROI models provided by vendors as guidelines and punch in your own numbers to achieve an objective analysis of a security system’s economic advantages. If you can convince your CFO that your analysis is completely objective, your chances of success improve significantly!

For more tips on security, follow ICD on our LinkedIn Company Page.


Click the button below to share this article: