A Forrester Total Economic Impact™ Study Commissioned By BlueVoyant, July 2024
In an increasingly hostile threat landscape, organizations with a lack of resources and overworked security operations teams cannot provide effective, full-coverage threat detection and response. BlueVoyant Managed Security Services enables organizations with a cloud-native solution that offers end-to-end consulting, implementation, and managed security services with 24/7 security threat detection and response.
Analysts from BlueVoyant offer military-grade expertise with deep experience in cyber defense. BlueVoyant enables customers to better automate their alerts to reduce fatigue and have full visibility into incidents, assets, vulnerabilities, and ongoing investigations to strengthen their organization’s overall security posture.
BlueVoyant commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying BlueVoyant’s Managed Security Services .1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Managed Security Services on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using BlueVoyant’s Managed Security Services. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a global organization with $5 billion in annual revenue, 10,000 employees, and 15,000 endpoints.
Interviewees said that prior to using BlueVoyant’s Managed Security Services, their organizations utilized multiple point solutions, internal labor to manage their security operations, and external security operations center (SOC) teams. However, prior attempts yielded limited success, leaving them with ineffective SOC coverage, complex implementation and data migration processes with legacy solutions, excess security information and event management (SIEM) spending, and a lack of visibility into the organization’s security environment. These limitations led to false and excess security alerts which fatigued security operations, and left their organizations vulnerable to potential attacks. Their prior solutions also provided a lack of scalability and integrations.
After the investment in BlueVoyant’s Managed Security Services, the interviewees noted that BlueVoyant’s advanced automation and expert SOC analyst support enabled them to free up and reallocate internal security resources, driving an improvement in their organization’s overall security posture and visibility. Key results from the investment include labor cost savings from reduced alerts, optimized spending, and avoided costs for breaches.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
The representative interviews and financial analysis found that a composite organization experiences benefits of $5.73 million over three years versus costs of $1.85 million, adding up to a net present value (NPV) of $3.88 million and an ROI of 210%.
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in BlueVoyant’s Managed Security Services.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that BlueVoyant’s Managed Security Services can have on an organization.
Forrester Consulting conducted an online survey of 351 cybersecurity leaders at global enterprises in the US, the UK, Canada, Germany, and Australia. Survey participants included managers, directors, VPs, and C-level executives who are responsible for cybersecurity decision-making, operations, and reporting. Questions provided to the participants sought to evaluate leaders' cybersecurity strategies and any breaches that have occurred within their organizations. Respondents opted into the survey via a third-party research panel, which fielded the survey on behalf of Forrester in November 2020.
Interviewed BlueVoyant stakeholders and Forrester analysts to gather data relative to BlueVoyant’s Managed Security Services.
Interviewed four representatives at organizations using BlueVoyant’s Managed Security Services to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Readers should be aware of the following:
This study is commissioned by BlueVoyant and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in BlueVoyant’s Managed Security Services.
BlueVoyant reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
BlueVoyant provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Nikoletta Stergiou
Role | Industry | Region | Average Annual Revenue | Number of Employees | Endpoints |
---|---|---|---|---|---|
Director of cyber defense | Retail | Headquartered in the US, global operations | $2.6 billion | 14,400 | 10,000 |
Deputy enterprise CISO | Insurance | Headquartered in the US, global operations | $14.3 billion | 13,500 | 10,500 |
CISO | Manufacturing | Headquartered in the US | $4 billion | 5,000 | 22,500 |
CSO | Healthcare | Headquartered in the US, global operations | $9 billion | 35,000 | 35,000 |
Before implementing BlueVoyant's Managed Security Services, the interviewees' organizations faced significant challenges in their security posture from a range of legacy point solutions. They experienced a lack of effective SOC coverage, complex implementation and data migration with legacy solutions, excess spending on SIEM technology, and the lack of visibility into the security environment, that left them vulnerable to an increased the risk of data breaches and other security incidents.
The interviewees noted how their organizations struggled with common challenges, including:
The interviewees’ organizations searched for a solution that could:
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite and deployment characteristics. The global organization has $5 billion in annual revenue, 10,000 employees, and 15,000 endpoints. The SecOps team consists of 10 FTEs.
Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|
Atr | Labor cost savings from reduced alerts | $364,721 | $364,721 | $364,721 | $1,094,164 | $907,008 |
Btr | Optimized spending | $360,000 | $360,000 | $360,000 | $1,080,000 | $895,267 |
Ctr | Avoided breach costs | $1,580,167 | $1,580,167 | $1,580,167 | $4,740,501 | $3,929,641 |
Total benefits (risk-adjusted) | $2,304,888 | $2,304,888 | $2,304,888 | $6,914,665 | $5,731,916 | |
Evidence and data. BlueVoyant's technology and processes reduces the number of alerts that need to be addressed by the analysts at the interviewees’ organizations. By leveraging automation and advanced threat intelligence capabilities, BlueVoyant filters out false positives and identifies non-malicious incidents. This allowed interviewees’ security teams to focus their time and efforts on addressing genuine threats rather than wasting resources on investigating and responding to false alarms. The interviewees’ security teams could then work more efficiently and effectively, maximizing their impact and reducing the financial burden of unnecessary alert processing.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $907,000.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
---|---|---|---|---|---|
A1 | Escalated alerts in prior environment (monthly) | Composite | 4,000 | 4,000 | 4,000 |
A2 | Percentage of escalated alerts manually resolved by SecOps team in prior environment | Composite | 40% | 40% | 40% |
A3 | Alerts manually resolved by SecOps team in prior environment (monthly) | A1*A2 | 1,600 | 1,600 | 1,600 |
A4 | Percentage reduction in total escalated alerts per month with BlueVoyant | Interviews | 90% | 90% | 90% |
A5 | Alerts manually resolved by SecOps team with BlueVoyant (monthly) | A1*(1-A4) | 400 | 400 | 400 |
A6 | Alerts eliminated by BlueVoyant for the SecOps team (monthly) | A3-A5 | 1,200 | 1,200 | 1,200 |
A7 | Average MTTR (minutes) | Composite | 20 | 20 | 20 |
A8 | Subtotal: Hours saved from eliminating alerts with BV (monthly) | (A6*A7)/60 minutes | 400 | 400 | 400 |
A9 | Improvement in MTTR for alerts with BlueVoyant | Interviews | 70% | 70% | 70% |
A10 | Subtotal: Hours saved from reduced MTTR with BlueVoyant (monthly) | (A5*A7*A9)/60 minutes | 93 | 93 | 93 |
A11 | Average hourly fully-burdened salary of a SecOps FTE | Composite | $68.50 | $68.50 | $68.50 |
At | Labor cost savings from reduced alerts | (A8+A10)*A11*12 months | $405,246 | $405,246 | $405,246 |
Risk adjustment | ↓10% | ||||
Atr | Labor cost savings from reduced alerts (risk-adjusted) | $364,721 | $364,721 | $364,721 | |
Three-year total: $1,094,164 | Three-year present value: $907,008 |
Evidence and data. Interviewees highlighted that BlueVoyant helped them optimize spending as the solution offers a centralized platform that integrates various cybersecurity solutions, eliminating the need for multiple standalone tools. Consolidating tools helped interviewees improve efficiency as security teams could focus on a single platform, saving time and effort on administration. It also enabled better data integration and correlation, enhancing visibility and informed decision-making. Overall, BlueVoyant's tool consolidation simplified the security infrastructure, reduced costs, and improved the effectiveness of cybersecurity operations for the interviewees’ organizations.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $895,000.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
B1 | Retired legacy solutions licensing costs | Interviews | $175,000 | $175,000 | $175,000 | |
B2 | Security engineer FTEs needed to support legacy solution | Interviews | 1.5 | 1.5 | 1.5 | |
B3 | Average annual fully-burdened salary of a security engineer | Composite | $150,000 | $150,000 | $150,000 | |
Bt | Optimized spending | C1+(C2*C3) | $400,000 | $400,000 | $400,000 | |
Risk adjustment | ↓10% | |||||
Btr | Optimized spending (risk-adjusted) | $360,000 | $360,000 | $360,000 | ||
Three-year total: $1,080,000 | Three-year present value: $895,267 |
Evidence and data. Interviewees discussed how BlueVoyant improved the security posture of their organization, which ultimately reduced the likelihood of breaches. BlueVoyant's expertise and analysis provided actionable insights to interviewees to understand the evolving threat landscape and make informed security decisions in their environment. They assisted interviewees in identifying and remedying vulnerabilities through comprehensive assessments and penetration testing, which validated BlueVoyant’s capabilities and justified the interviewees’ investment in the solution.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3.93 million.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
---|---|---|---|---|---|
C1 | Average number of major breaches annually | Forrester research | 2.5 | 2.5 | 2.5 |
C2 | Cost per data breach | Forrester research | $756,593 | $756,593 | $756,593 |
C3 | Reduction in likelihood of a data breach and its associated costs with BlueVoyant | Interviews | 50% | 50% | 50% |
C4 | Subtotal: Risk reduction savings due to BlueVoyant | C1*C2*C3 | $945,741 | $945,741 | $945,741 |
C5 | Total business user endpoints | Composite | 15,000 | 15,000 | 15,000 |
C6 | Percentage of business user endpoints impacted by each breach | Forrester research | 15% | 15% | 15% |
C7 | Average number of general business employee downtime hours per breach | Forrester research | 3.6 | 3.6 | 3.6 |
C8 | Average fully-burdened hourly rate of a general business employee | TEI standard | $40 | $40 | $40 |
C9 | Subtotal: Cost to internal users for downtime and lost productivity | C1*C5*C7*C6*C8 | $810,000 | $810,000 | $810,000 |
Ct | Avoided breach costs | C4+C9 | $1,755,741 | $1,755,741 | $1,755,741 |
Risk adjustment | ↓10% | ||||
Ctr | Avoided breach costs (risk-adjusted) | $1,580,167 | $1,580,167 | $1,580,167 | |
Three-year total: $4,740,501 | Three-year present value: $3,929,641 |
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement BlueVoyant’s Managed Security Services and later realize additional uses and business opportunities, including:
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|---|
Dtr | BlueVoyant licensing fees | $0 | $708,750 | $708,750 | $708,750 | $2,126,250 | $1,762,556 |
Etr | Implementation and training costs | $75,856 | $0 | $0 | $0 | $75,856 | $75,856 |
Ftr | Ongoing management costs | $0 | $5,425 | $5,425 | $5,425 | $16,276 | $13,492 |
Total costs (risk-adjusted) | $75,856 | $714,175 | $714,175 | $714,175 | $2,218,382 | $1,851,904 | |
Evidence and data. BlueVoyant licensing is a subscription fee based on the number of endpoints. Some interviewees shared licensing costs which validated a volume-based licensing approach for organizations with a significant number of endpoints.
Licensing costs include subscriptions for Managed Azure Sentinel and Managed M365 Security, using a client-supplied Azure Sentinel subscription, correlated and analyzed network logs in real time, aggregated disparate data and the latest threat intelligence to filter background noise and identify real security concerns. This price is also inclusive of 20 hours of BlueVoyant Concierge Services.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.76 million.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
D1 | BlueVoyant annual licensing fees | Composite | $675,000 | $675,000 | $675,000 | ||
Dt | BlueVoyant licensing fees | D1 | $675,000 | $675,000 | $675,000 | ||
Risk adjustment | ↑5% | ||||||
Dtr | BlueVoyant licensing fees (risk-adjusted) | $0 | $708,750 | $708,750 | $708,750 | ||
Three-year total: $2,126,250 | Three-year present value: $1,762,556 |
Evidence and data. Interviewees described the implementation process for BlueVoyant as a collaboration between the security team and the BlueVoyant team. It typically took two months to completely onboard the interviewees’ organizations SIEM solutions, with regular meetings and coordination to ensure a smooth transition. During this process, access provisioning and change were key steps. Training for employees focused on familiarizing them with the organization's specific tooling and procedures, with BlueVoyant's platform requiring minimal additional training.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $76,000.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
---|---|---|---|---|---|---|
E1 | BlueVoyant deployment fee | Composite | $50,000 | |||
E2 | SecOps FTES supporting implementation | Composite | 3 | |||
E3 | Hours spent per week on implementation | Composite | 2 | |||
E4 | Length of implementation (weeks) | Composite | 8 | |||
E5 | Average hourly fully-burdened rate of a SecOps FTE | Composite | $68.50 | |||
E6 | Subtotal: SecOps FTE internal implementation costs | E2*E3*E4*E5 | $3,288 | |||
E7 | Hours a director of cybersecurity spends per week supporting implementation | Composite | 10 | |||
E8 | Average hourly fully-burdened salary of a director of cyber security | Composite | $100 | |||
E9 | Subtotal: Implementation labor cost | E4*E7*E8 | $8,000 | |||
E10 | Additional SecOps FTEs trained on solution | Composite | 7 | |||
E11 | Hours of training required | Composite | 16 | |||
E12 | Subtotal: Initial training labor cost | E5*E10*E11 | $7,672 | |||
Et | Implementation and training costs | E1+E6+E9+E12 | $68,960 | $0 | $0 | $0 |
Risk adjustment | ↑10% | |||||
Etr | Implementation and training costs (risk-adjusted) | $75,856 | $0 | $0 | $0 | |
Three-year total: $75,856 | Three-year present value: $75,856 |
Evidence and data. Ongoing management involves regular check-ins, reporting, and collaboration with the BlueVoyant team. Interviewees noted that these check-ins offered valuable and strategic insights for their organization’s security program.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $13,000.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
F1 | SecOps FTEs supporting ongoing management | Composite | 3 | 3 | 3 | ||
F2 | Hours spent on ongoing management annually | Composite | 24 | 24 | 24 | ||
F3 | Average hourly fully-burdened salary of a SecOps FTE | Composite | $68.50 | $68.50 | $68.50 | ||
Ft | Ongoing management costs | F1*F2*F3 | $4,932 | $4,932 | $4,932 | ||
Risk adjustment | ↑10% | ||||||
Ftr | Ongoing management costs (risk-adjusted) | $0 | $5,425 | $5,425 | $5,425 | ||
Three-year total: $16,276 | Three-year present value: $13,492 |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
---|---|---|---|---|---|---|
Total costs | ($75,856) | ($714,175) | ($714,175) | ($714,175) | ($2,218,382) | ($1,851,904) |
Total benefits | $0 | $2,304,888 | $2,304,888 | $2,304,888 | $6,914,665 | $5,731,916 |
Net benefits | ($75,856) | $1,590,713 | $1,590,713 | $1,590,713 | $4,696,283 | $3,880,012 |
ROI | 210% | |||||
Payback period (months) | <6 | |||||
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
2 This cost is inclusive of average remediation and reporting labor costs, average costs of response and notification, fines, damages, compliance costs, customer compensation, average lost business revenues and additional costs to acquire customers, and end-user downtime as it relates to a security breach across the organization. Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q1 2021.
Cookie Preferences
Accept Cookies
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.
Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.
Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.
Please see our
Privacy Policy for more information.