Many of our customers have budgeted projects to improve or replace existing data protection solutions, so the ROI (return on investment) case has been made upfront. Typically this results from customers having poor experiences with DLP (data loss prevention), utilizing new cloud-based workflows, and needing better protection for sensitive or regulated data. A company board often reacts to an internal data breach event or an event at a peer or competitor, which strikes a nerve that a breach could happen to them.
IBM's Cost of a Data Breach Report 2020 lists the average cost of a data breach as $3.86M (worldwide). In the US, the average expense is $8.64M, the highest of any country. The financial impact of a data breach is why organizations that have recently had a security event are always willing to pay for additional security: the cost of a security solution pales in comparison to the cost of a data breach.
The threat of a GDPR fine also looms over companies. The EU has issued GDPR fines of over €100M fourteen times in the past 19 months. The most substantial penalty to date is still British Airways at over €204M.
With the recent shift to employees working from home, many companies spent a lot of money increasing VPN (virtual private network) capacity. Using VPNs to virtually place devices on the corporate network is a flawed security model. Under a Zero Trust security model, organizations have to assume threats already exist within the corporate network. Spending that money on implementing the fundamentals of Zero Trust would be a better alternative.
If your company doesn't have a Zero Trust initiative, here are some tactical ways to show a quality ROI.
Each of the three suggestions creates a positive ROI while also providing superior protection, mitigation for data breaches and insider threats, and a transparent end-user experience, all without the burden of legacy operational overhead.