[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Symantec Endpoint Security Complete
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY broadcom, september 2025
Total Economic Impact
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY broadcom, september 2025
Cybersecurity hinges on robust endpoint defense. For security analysts in charge of protecting large enterprises, this means overseeing hundreds, if not thousands, of endpoints. Real-time, adaptive evaluations are crucial for neutralizing cyber threats before they escalate into full-blown attacks. An effective defense against the escalating frequency and sophistication of malware and ransomware demands a comprehensive approach that includes extensive coverage and unified management.
Symantec Endpoint Security (SES) Complete is a comprehensive endpoint protection solution designed to safeguard various devices, including desktops, mobile phones, and servers. It delivers an integrated platform that combines multiple security layers, such as attack surface reduction, threat prevention, and endpoint detection and response. A key aspect of SES Complete’s value proposition lies in its Adaptive Protection features, which learn and analyze endpoint behavior to adjust security policies automatically, block anomalous activities, and reduce attack surface.
Broadcom commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying SES Complete.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of SES Complete on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four decision-makers with experience using SES Complete. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization, which is a global organization with $10 billion in annual revenue and 30,000 endpoints protected by SES Complete.
Interviewees said that prior to using SES Complete, their organizations had multiple security solutions but lacked a comprehensive endpoint protection tool, leading to a fragmented security landscape. They typically deployed a patchwork of disparate security solutions to address specific threat vectors or endpoint types, but did not have a holistic view of vulnerabilities in their security posture. Beyond the security risks, the overhead and high costs associated with managing multiple tools often strained IT budgets and resources.
After implementing SES Complete, the interviewees reported that they could significantly enhance their security posture and gain unified protection across all their endpoints. This translated into reduced breach risk, reduced attack surface, and streamlined security operations.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Up to an 80% reduction in the risk of malware, ransomware, targeted attacks, or Active Directory breaches. SES Complete reduces the composite organization’s breach risk by leveraging Adaptive Protection, Active Directory security, and endpoint protection capabilities like AI-guided threat hunting to prevent and detect sophisticated attacks proactively. Over three years, the composite organization avoids a risk-adjusted $3.8 million in breach costs.
Time savings on responding to true positives. SES Complete’s Adaptive Protection features proactively block malicious behavior and automatically flag deviations from normal application behavior for the composite, leading to a 20% decrease in the number of security alerts that require a manual response. Additionally, SES Complete provides crucial data on threat sources, novelty, and exploit levels, enabling the composite’s security team to respond to each alert 33% faster. These time savings are worth a risk-adjusted $2.1 million to the composite over the three-year analysis.
Up to a 30% decrease in false positives. The composite organization leverages SES Complete’s Adaptive Protection capabilities to customize and optimize its security policies, minimizing benign detections. Further enhancing this benefit are the machine learning and behavioral analysis that differentiate between legitimate activities and true threats, leading to more precise alerts. The reduction in false positives leads to $489,000 in employee labor savings over the three-year analysis.
IT support time savings from an 8% reduction in help desk tickets. With SES Complete, the composite organization can reduce the number of IT support tickets related to account suspensions, blocked work, or other security issues. Over three years, the reduction in help desk tickets leads to $298,000 in IT support time savings.
Cost and maintenance savings from retiring legacy tools. After adopting SES Complete, the composite organization eliminates multiple legacy point solutions, which collectively cost $561,000 per year. Because the legacy endpoint security tools were more labor intensive to manage than SES Complete, the composite can also redeploy maintenance FTEs associated with the legacy tools. Collectively, these cost and management savings are worth a risk-adjusted $1.8 million to the composite over three years.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Avoided cybersecurity insurance premium hikes. By reporting its SES Complete use to cybersecurity insurers, the composite organization can more easily maintain its insurance, avoid premium hikes, and potentially reduce its premiums.
Easier compliance process. Because SES Complete adheres to all of the composite organization’s global and local compliance requirements, including ISO 27000, GDPR, HIPAA, and other standards, the organization can more easily pass audits and reduce the risk of regulatory penalties.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
SES Complete subscription and professional services costs. The composite organization incurs per endpoint subscription costs from Broadcom for SES Complete use, as well as professional services costs for platform implementation and ongoing optimization. Over three years, these costs amount to a risk-adjusted $2.3 million.
Internal labor for SES Complete implementation and training. The composite dedicates a small team to managing the SES Complete implementation over the course of four months. On top of deployment labor, security staff each receive a multiday training on using SES Complete. Collectively, implementation and training costs amount to $176,000 in employee labor over three years.
Internal labor for ongoing management. The composite dedicates two employees to managing the SES Complete deployment on an ongoing basis. These employees are in charge of ongoing policy refinement, health monitoring, meeting with support teams, reporting, and setting up new integrations. Over three years, this internal labor amounts to $554,000.
The financial analysis that is based on the interviews found that a composite organization experiences benefits of $8.6 million over three years versus costs of $3.1 million, adding up to a net present value (NPV) of $5.5 million and an ROI of 180%.
Reduction in likelihood of a breach caused by an external attack, an attack on remote networks, or an internal incident
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
| Role | Industry | Annual Revenue | Endpoints Protected With SES Complete |
|---|---|---|---|
| IT director | Manufacturing | >$5 billion | >50,000 |
| Cybersecurity technologist | Professional services | >$5 billion | >50,000 |
| Cybersecurity manager | Financial services | >$5 billion | 40,000 |
| Engineer | Technology | >$5 billion | 50,000 |
Prior to SES Complete, interviewees’ organizations struggled with a fragmented security landscape and relied on a multitude of discrete tools that lacked comprehensive endpoint protection. This disjointed approach not only increased security risks but also imposed significant management overhead and financial strain on IT resources.
Interviewees noted how their organizations struggled with common challenges, including:
Persistent and evolving threats posed a high risk of breaches. Interviewees reported dealing with an onslaught of cyber threats, including advanced malware, ransomware, and targeted attacks. While the legacy endpoint security stack varied by organization, most interviewees shared that their legacy security measures still left them highly vulnerable to costly and disruptive security breaches. The IT director at a manufacturing firm described their legacy state: “We had a major ransomware situation. We had downtime at our plants for a couple of days, and then intermittently we had some smaller incidents that affected one plant at a time. Per year, we were having about six to 10 incidents before SES Complete.”
Some interviewees reported that their auditors or cybersecurity insurance providers nudged them to adopt SES Complete; the cybersecurity manager at a financial services organization shared: “We had some security issues within the bank, and our auditors told us we needed to improve. We started working to see which solution really fit our requirements and could make us more compliant.”
Fragmented security created significant visibility gaps and high operating costs. Prior to adopting SES Complete, the interviewees operated with disparate security solutions, each addressing specific threats or business units but failing to provide a unified view of the threat landscape. In addition to the security risk, these siloed tools required more maintenance labor than a comprehensive endpoint protection tool. The cybersecurity technologist at a professional services firm noted: “Before adopting SES Complete, we had our own individual device protection, but it was disjointed. There were different pieces doing what one tool could have done.”
Exposed endpoints, particularly exacerbated post-COVID-19, left organizations unprotected. Many interviewees revealed adequately securing only a portion of their total endpoints, a problem intensified by the expansion of remote work environments. This widespread lack of endpoint protection created a vast attack surface, leaving numerous devices vulnerable to compromise and significantly elevating the overall organizational risk. An engineer at a technology organization described how the pandemic drove the need for SES Complete: “During and after COVID-19, a lot of employees started working from home. We have our own in-house technologies, but we found some vulnerabilities, so we needed to explore some leading technologies to improve endpoint security.”
The interviewees searched for a solution that could:
Consolidate protection. The interviewees’ organizations sought to consolidate their endpoint protection by leveraging SES Complete’s single agent and unified console. With this approach, they aimed to simplify management overhead and gain a centralized view of their entire security posture, improving overall visibility and control.
Enhance threat protection. Interviewees shared that one of their objectives with SES Complete was to enhance threat protection and stop advanced threats across all endpoints before they could inflict damage. To neutralize attacks proactively, they used SES Complete’s AI-driven threat prevention, adaptive behavioral analysis, and exploit prevention.
Reduce MTTR. The interviewees’ organizations aimed to significantly reduce their mean time to respond (MTTR) to security incidents by adopting SES Complete’s Endpoint Detection and Response features alongside automated investigations and rapid remediation tools. By minimizing MTTR, they sought to reduce the impact and dwell time of threats within their environment.
Improve operational efficiency. A key objective for the interviewees was to provide security teams with threat intelligence and more precise alerting to save employees’ time on responding to security alerts. In addition to the security time savings, interviewees noted that they also aimed to reduce the security-related help desk tickets their IT support teams had to address.
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section.
The composite is a global organization with headquarters in the United States and $10 billion in annual revenue. It receives 1,500 true positive security alerts per month. The organization has 30,000 endpoints protected by SES Complete.
$10 billion annual revenue
30,000 endpoints protected by SES Complete
1,500 true positive security alerts per month
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Strengthened security posture | $1,450,843 | $1,554,475 | $1,658,107 | $4,663,425 | $3,849,398 |
| Btr | Alert management time savings | $786,053 | $852,883 | $919,714 | $2,558,650 | $2,110,450 |
| Ctr | False positive time savings | $183,960 | $197,309 | $210,657 | $591,926 | $488,572 |
| Dtr | IT support time savings | $103,680 | $120,960 | $138,240 | $362,880 | $298,083 |
| Etr | Avoided legacy solution costs | $600,750 | $808,650 | $808,650 | $2,218,050 | $1,821,993 |
| Total benefits (risk-adjusted) | $3,125,286 | $3,534,277 | $3,735,368 | $10,394,931 | $8,568,496 |
Evidence and data. Interviewees shared that using SES Complete significantly enhanced their organizations’ security posture by providing multilayered protection across all endpoints. Its threat prevention capabilities, including behavioral analysis, proactive malicious activity blocking, threat hunting, and specialized Active Directory security, allowed organizations to stop sophisticated attacks proactively, like malware, ransomware, and targeted threats. Interviewees described several specific ways that SES Complete improved their endpoint security:
Increased share of endpoints protected. Interviewees said that SES Complete offered endpoint protection across various device types, including laptops, mobile devices, and servers, ensuring that it protected a larger portion of their organizations’ endpoints. The IT director at a manufacturing firm described how the coverage improvement solidified their organization’s security: “Previously, we had around 50,000 endpoints. About 50% were protected at the time we switched over because we had not fully adopted an endpoint management solution. We had other tools, but it wasn't a unified solution. Now it's pretty close to 100% of endpoints protected.”
Strengthened security from Adaptive Protection. Interviewees reported that SES Complete’s Adaptive Protection capabilities dynamically adjusted security policies based on their user base’s typical behavior as well as the evolving threat landscape. This AI-driven customization minimized vulnerabilities by optimizing defenses and policies. The cybersecurity technologist at a professional services firm described the benefit: “The Adaptive Protection features are important to us. They read and analyze data from other endpoints, bringing them into one place for better decision-making.”
Improved visibility into endpoints. According to the interviewees, SES Complete provided enhanced visibility into all of their managed endpoints and allowed security teams to identify anomalies and potential threats quickly, reducing the likelihood of a breach. The IT director at a manufacturing firm stated that, “[With SES Complete], you have a comprehensive view of your threat landscape throughout all of your specific endpoints.”
Provided granular detail into security alerts. Interviewees said that, beyond high level visibility into the endpoint threat landscape, SES Complete also provided more granular detail into every security threat’s source, novelty, and exploit potential. This context allowed security staff to assess the acuteness of an alert accurately and prioritize accordingly. The cybersecurity manager at a financial services firm stated: “The benefit is around the level of detail that we are getting from the SES Complete alerts. They provide the source of the threat, if it is already known, if it is new, what the level of exploit could be, and the damage based on the location where the threat is identified. That kind of information helps us understand the criticality of the issue and how to mitigate it.”
Reduced MTTR. Interviewees shared that SES Complete accelerated incident response and remediation time, preventing threats from evolving into larger-scale incidents. The cybersecurity manager at a financial services firm described how SES Complete reduced MTTR: “Our teams are more confident and happier because we are able to identify, detect, and remediate alerts before they hit our major applications. The moment we see an alert, we classify it, segregate it, and prioritize it to be eliminated. There are automated solutions that we have developed based on SES Complete.”
The interviewee went on to say, “I can say with confidence that the MTTR reduction is one of the best things that has happened by using SES Complete.”
Centralized management of diverse device types. SES Complete offered interviewees’ organizations centralized management for a wide array of device types, including laptops, mobile phones, and servers, through a single console. Interviewees shared that this approach eliminated the complexities of managing disparate security solutions and ensured consistent protection. The cybersecurity technologist at a professional services organization reported: “With SES Complete, we can roll out security protections and features to all of our endpoints, whether they are laptops, phones, or standalone servers. It ties everything into our firewall, and then everything gets reported into a centralized space.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Based on Forrester’s 2024 security survey, the composite organization has a 68% chance of experiencing a breach every year, with each breach expected to cost $4.4 million. Furthermore, 81% of those breaches originate either from external attacks, attacks targeting employees’ home or remote networks, or internal incidents. Forrester estimates that SES Complete can address 70% of these breaches.2
With SES Complete, the composite reduces the likelihood of a severe data breach caused by an external attack, an attack targeting employees’ home or remote networks, or an internal incident by 70% in Year 1. The composite’s SES Complete deployment continuously improves based on learning from new threats and environmental data; by Year 3, the reduction in breach likelihood is 80%.
Risks. The following factors may impact this benefit:
The percentage of endpoints that an organization chooses to protect with SES Complete.
An organization’s security posture and maturity prior to deploying SES Complete.
The likelihood and associated costs of security breaches each year.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3.8 million.
Reduction in likelihood of a breach caused by an external attack, an attack on remote networks, or an internal incident
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Cumulative cost of breaches for the composite organization | Forrester research | $4,427,000 | $4,427,000 | $4,427,000 | |
| A2 | Estimated likelihood of at least one breach | Forrester research | 68% | 68% | 68% | |
| A3 | Percentage of breaches originating from external attacks targeting organizations or remote networks and internal incidents | Forrester research | 81% | 81% | 81% | |
| A4 | Percentage of those breaches addressable with SES Complete | Interviews | 70% | 70% | 70% | |
| A5 | Annual risk exposure addressable with SES Complete (rounded) | A1*A2*A3 | $2,438,392 | $2,438,392 | $2,438,392 | |
| A6 | Reduced risk of exposure to breach costs from using SES Complete | Interviews | 70% | 75% | 80% | |
| At | Strengthened security posture | A5*A6 | $1,706,874 | $1,828,794 | $1,950,714 | |
| Risk adjustment | ↓15% | |||||
| Atr | Strengthened security posture (risk-adjusted) | $1,450,843 | $1,554,475 | $1,658,107 | ||
| Three-year total: $4,663,425 | Three-year present value: $3,849,398 | |||||
Evidence and data. Interviewees shared that SES Complete allowed their security teams to significantly reduce the time spent manually responding to true positive security alerts through several integrated capabilities. By proactively diminishing the attack surface via features like behavioral and application isolation and Adaptive Protection, the interviewees’ organizations could reduce the overall volume of alerts generated, while also accelerating alert resolution times.
Interviewees shared that they used SES Complete to deploy automated response capabilities, such as real-time blocking of malicious behaviors and automatic actions based on deviations from normal behavior, eliminating the need for as many manual interventions. The cybersecurity manager at a financial services firm described the benefit: “Based on the alert information we get from SES Complete, we have developed an automated response system based on criticality. … There’s a 30% to 40% reduction in the MTTR for known threats and exploits.”
When true positives do occur, interviewees noted that SES Complete provided highly descriptive alerts with crucial data on threat sources and exploit levels, allowing security teams to understand and remediate each incident quickly without extensive investigation. An engineer at a technology organization reported: “With SES Complete, we not only see the number of alerts decrease but we also decrease the support staff time spent on each ticket. … If we didn’t have SES Complete, the [ticket resolution time] would be double. When we handle the tickets, the security staff can see the logs of all the clients and the user’s behavior graph and make use of that information to make decisions much faster.”
The IT director at a manufacturing firm agreed that their organization saw a reduction in security alerts and alert resolution time from using SES Complete: “Some of the features that helped reduce the amount of time it took to investigate threats were the automated threat prevention, the ability to better detect true and false positives, and then overall faster incident responses, because the number of incidents became lower.”
The same interviewee went on to quantify the time savings for their security team: “The mean time for remediation has reduced by 33%. … The team is doing more monitoring with less intervention. Previously, they were spending about 50% of their time with manual remediation and now it is down to 15%. … When you deploy something like SES Complete, you’re going to get a big return right away. You’re going to get 30% to 40% reduction in time in some areas.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to using SES Complete, the composite organization has 1,500 true positive security alerts per month.
With SES Complete, the composite reduces the number of security alerts that require investigation by 10% in Year 1. As the SES Complete deployment matures and the composite sets up more automated responses, this percentage grows to 15% and 20% in Years 2 and 3, respectively.
Before SES Complete, each alert investigation required 2.5 hours of FTE time.
With SES Complete, the number of hours dedicated to each alert investigation fell by 33%, down to 1.68 hours.
A security FTE has a fully burdened hourly rate of $65.
An 80% productivity recapture is applied since not all time savings are redeployed productively.
Risks. Alert management time savings will vary depending on:
The volume of security alerts an organization has in its legacy environment.
The number of hours required for each alert investigation prior to deploying SES Complete.
The average fully burdened annual salary for a security FTE.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.1 million.
Reduction in time to investigate each alert
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | True positive security alerts (per month) | Composite | 1,500 | 1,500 | 1,500 | |
| B2 | Percentage reduction in true positive alerts that require investigation with SES Complete | Interviews | 10% | 15% | 20% | |
| B3 | True positive security alerts that require investigation with SES Complete (per month) | B1*(1-B2) | 1,350 | 1,275 | 1,200 | |
| B4 | FTE time dedicated to responding to each alert before SES Complete (hours) | Composite | 2.5 | 2.5 | 2.5 | |
| B5 | Percentage reduction in time required to respond to each alert with SES Complete | Interviews | 33% | 33% | 33% | |
| B6 | FTE time dedicated to responding to each alert with SES Complete (hours) | B4*(1-B5) | 1.68 | 1.68 | 1.68 | |
| B7 | Annual FTE time required for incident response and resolution before SES Complete (hours) | B1*B4*12 months | 45,000 | 45,000 | 45,000 | |
| B8 | Annual FTE time required for incident response and resolution with SES Complete (rounded hours) | B3*B6*12 months | 27,216 | 25,704 | 24,192 | |
| B9 | Fully burdened hourly rate for a security FTE | Composite | $65 | $65 | $65 | |
| B10 | Productivity recapture | Composite | 80% | 80% | 80% | |
| Bt | Alert management time savings | (B7-B8)*B9*B10 | $924,768 | $1,003,392 | $1,082,016 | |
| Risk adjustment | ↓15% | |||||
| Btr | Alert management time savings (risk-adjusted) | $786,053 | $852,883 | $919,714 | ||
| Three-year total: $2,558,650 | Three-year present value: $2,110,450 | |||||
Evidence and data. Interviewees shared that SES Complete’s ability to correlate activity from device health, user activity, and web access enabled more accurate detection rules that adapted to context, such as whether a user was remote or using a trusted device. This improvement in detection accuracy reduced the time staff spent responding to false positives.
An engineer at a technology company described how SES Complete’s detections adapted to context, leading to an improvement in alert precision: “[SES Complete] detects behavioral threats or malware in a more contextually aware way. For example, users may switch between different accounts, such as corporate accounts, personal accounts, and testing accounts. We definitely want to offer all the protections, but the protection level could vary in different contexts. Using the same protection level may result in too many false positives or false negatives. Contextual awareness in our testing and feedback from real users is one of the best features compared to other vendors we’ve used.”
The IT director at a manufacturing organization agreed that SES Complete had reduced the number of false positives for their organization: “SES Complete has Adaptive Protection, which prevents breaches. Their detection and response tool has the ability to do behavioral forensics, which uses machine learning and analytics to determine threats that are not fully defined or recognized and to filter out threats that may not be threats at all.”
The same interviewee also described how SES Complete’s isolation features contributed to a reduction in false positives: “SES Complete’s app isolation and behavior isolation has been very helpful for us. It’s driven by AI capabilities that better detect threats and reduce the number of false positives we’re getting so that we don’t have our team running around in circles.”
The IT director went on to share that after adopting SES Complete, their organization reduced the number of false positives by 35%.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to adopting SES Complete, the composite organization investigates 300 false positives per month.
With SES Complete, the composite reduces the amount of false positives by 20% in Year 1. As SES Complete’s adaptive learning continuously refines its detection model based on accumulated data, the reduction in false positives increases to 25% in Year 2 and 30% in Year 3.
Before SES Complete, each false positive required 2.5 FTE hours to investigate.
The composite uses SES Complete to accelerate alert investigations, and the time required for each investigation falls by 33% to 1.68 hours.
A security FTE has a fully burdened hourly rate of $65.
An 80% productivity recapture is applied since not all hours saved are redeployed productively.
Risks. False positive time savings will vary depending on:
The share of false positive alerts an organization has in its legacy environment.
An organization’s tolerance for false positives.
The number of hours required for each false positive investigation prior to deploying SES Complete.
The average fully burdened annual salary for a security FTE.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $489,000.
Reduction in false positives
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | False positives investigated prior to SES Complete (per month) | Composite | 300 | 300 | 300 | |
| C2 | FTE time dedicated to responding to each alert before SES Complete (hours) | Composite | 2.5 | 2.5 | 2.5 | |
| C3 | Percentage reduction in false positives with SES Complete | Interviews | 20% | 25% | 30% | |
| C4 | False positives eliminated with SES Complete (per month) | C1*C3 | 60 | 75 | 90 | |
| C5 | Subtotal: Annual time savings from eliminated false positives (hours) | C2*C4*12 months | 1,800 | 2,250 | 2,700 | |
| C6 | False positives remaining with SES Complete (per month) | C1-C4 | 240 | 225 | 210 | |
| C7 | FTE time dedicated to responding to each alert with SES Complete (hours) | B6 | 1.68 | 1.68 | 1.68 | |
| C8 | Subtotal: Annual time savings on false positives that still require investigation with SES Complete (rounded hours) | C6*(C2-C7)*12 months | 2,362 | 2,214 | 2,066 | |
| C9 | Fully burdened hourly rate for a security FTE | Composite | $65 | $65 | $65 | |
| C10 | Productivity recapture | Composite | 80% | 80% | 80% | |
| Ct | False positive time savings | (C5+C8)*C9*C10 | $216,424 | $232,128 | $247,832 | |
| Risk adjustment | ↓15% | |||||
| Ctr | False positive time savings (risk-adjusted) | $183,960 | $197,309 | $210,657 | ||
| Three-year total: $591,926 | Three-year present value: $488,572 | |||||
Evidence and data. Interviewees shared that using SES Complete reduced IT support tickets by identifying and remediating issues proactively before users experienced disruptions. With centralized policy enforcement, automated response to common user access problems, and real-time threat containment, SES Complete eliminated many routine tickets related to access errors, account suspensions, malware alerts, and network slowdowns. Interviewees provided a range of estimates for the reduction in IT support tickets:
The IT director at a manufacturing firm described the decrease in tickets: “On the help desk side, there used to be a lot more endpoint-related issues. Within the help desk, it’s a 15% reduction in time [with SES Complete].”
The cybersecurity manager at a financial services organization provided a similar estimate for IT support time savings, “We have seen a 15% to 20% decrease in the number of tickets that are reaching the help desk team.”
An engineer at a technology company also reported a decline in account-related endpoint tickets: “We receive alerts when account behavior is not right, or there is malware, and then we suspend their accounts. There are tickets when the user cannot log in or the account is suspended, and we need to investigate. For these time-consuming tickets, it is clearly declining [with SES Complete].”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Prior to deploying SES Complete, the composite organization receives 30,000 IT support tickets per month.
In Year 1 of using SES Complete, the number of IT support tickets declines by 6%. As the SES Complete deployment matures, the number of tickets declines by 7% in Year 2 and 8% in Year 3.
Each ticket requires 10 minutes of FTE time.
An IT support FTE has a fully burdened hourly rate of $40.
A productivity recapture of 80% is applied since not all hours saved are redeployed productively.
Risks. The IT support time savings will vary depending on:
The number of IT support tickets an organization receives per month, as well as the portion of tickets that are related to account suspensions, blocked work, or other endpoint security issues.
The number of FTE minutes required for each IT support ticket.
The fully burdened hourly rate for an IT support FTE.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $298,000.
Reduction in IT support tickets
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | IT support tickets received per month | Composite | 30,000 | 30,000 | 30,000 | |
| D2 | Percentage reduction in IT tickets with SES Complete | Interviews | 6% | 7% | 8% | |
| D3 | Reduction in IT support tickets | D1*D2*12 months | 21,600 | 25,200 | 28,800 | |
| D4 | FTE time required to respond to each help desk ticket (minutes) | Composite | 10 | 10 | 10 | |
| D5 | Fully burdened hourly rate for an IT support FTE | Composite | $40 | $40 | $40 | |
| D6 | Productivity recapture | Composite | 80% | 80% | 80% | |
| Dt | IT support time savings | D3*(D4/60 minutes)*D5*D6 | $115,200 | $134,400 | $153,600 | |
| Risk adjustment | ↓10% | |||||
| Dtr | IT support time savings (risk-adjusted) | $103,680 | $120,960 | $138,240 | ||
| Three-year total: $362,880 | Three-year present value: $298,083 | |||||
Evidence and data. Most interviewees reported that adopting SES Complete allowed them to retire legacy tools, such as legacy endpoint protection platforms or standalone web gateways. By consolidating onto one tool, interviewees reported that they could reduce the amount of internal labor dedicated to maintaining, patching, and troubleshooting separate systems.
The cybersecurity technologist at a professional services firm reported that migrating to SES Complete enabled them to gradually retire several point tools, which collectively cost more than SES Complete. The interviewee described why they decided to consolidate onto SES Complete: “The ease of use and setup were significant factors in choosing SES Complete. Adding users and registering devices was easy, especially for smaller organizations. It was quick to deploy on a private server or cloud.”
The IT director at a manufacturing firm reported that prior to implementing SES Complete, they had two endpoint solutions that failed to provide them with comprehensive visibility, which led to regular security incidents and occasional breaches. Although these tools were less expensive than SES Complete, they were labor intensive to maintain, and the vulnerabilities led to high breach costs. The interviewee described the maintenance cost savings they saw after adopting SES Complete: “Having a tool that can automate security tasks and provide centralized visibility and automate the control of updating endpoints helps us be more efficient overall. … Without having the comprehensive on-prem capabilities along with capabilities in the cloud, it would be much harder for us to support our complex network.”
The IT director went on to compare SES Complete with other comprehensive endpoint protection platforms: “There are a lot of SES Complete competitors out there, but SES Complete is working for us. There are other solutions, but [we found that] their cost and complexity would require much more cybersecurity resources.”
The cybersecurity manager at a financial services firm reported that they adopted SES Complete to supplement their other endpoint protection platforms and are now planning to retire one of their legacy platforms to lean into SES Complete more fully. The interviewee stated that the tool they plan on retiring is roughly the same price as SES Complete.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization begins retiring legacy tools in Year 1 and can fully retire these tools by Year 2. In total, it retires $330,000 of legacy system costs in Year 1, with $561,000 of costs avoided in both Years 2 and 3.
The composite’s legacy endpoint protection systems required 2.5 FTEs to maintain.
Each security maintenance employee has an average fully burdened annual salary of $135,000.
Risks. The avoided legacy costs will vary depending on:
The specific endpoint protection tools that an organization has in its legacy suite.
The speed at which an organization can retire its legacy costs.
The average fully burdened annual salary for a security employee in charge of maintaining endpoint protection platforms.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.8 million.
Annual security solutions costs avoided
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| E1 | Eliminated legacy point solutions costs | Composite | $330,000 | $561,000 | $561,000 | |
| E2 | FTEs dedicated to maintaining legacy solutions | Interviews | 2.5 | 2.5 | 2.5 | |
| E3 | Fully burdened annual salary for an FTE who maintains legacy security solutions | Composite | $135,000 | $135,000 | $135,000 | |
| Et | Avoided legacy solution costs | E1+(E2*E3) | $667,500 | $898,500 | $898,500 | |
| Risk adjustment | ↓10% | |||||
| Etr | Avoided legacy solution costs (risk-adjusted) | $600,750 | $808,650 | $808,650 | ||
| Three-year total: $2,218,050 | Three-year present value: $1,821,993 | |||||
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Cybersecurity insurance benefits. Some interviewees reported that they adopted SES Complete partially at the direction of their cybersecurity insurance providers. Other interviewees shared that, although they independently decided to implement SES Complete, it made it easier to keep their existing coverage, prevent premium increases, and potentially secure lower rates. The cybersecurity manager at a financial services firm described the impact of SES Complete on their cybersecurity insurance: “Our cyber insurance cost has definitely come down. Insurance is based in part on the number of security providers you have, so we had a reduction of about 3% in premiums.”
The IT director at a manufacturing firm reported that SES Complete not only helped them keep their coverage but also led to time savings when applying for insurance: “[SES Complete] helped us with cybersecurity insurance. Once we were using a standardized platform like this, [insurers] knew that we were compliant, and they could continue to provide insurance to us. It helped reduce the amount of time it takes to complete the audit and provide the appropriate information to them to maintain our insurance.”
Easier compliance process. Interviewees also noted that SES Complete helped their organizations meet all of their global and local compliance obligations, simplifying the auditing process and reducing the likelihood that their organizations incurred regulatory penalties. The cybersecurity manager at a financial services organization noted that SES Complete’s adherence to these regulations was part of the reason their organization adopted the solution: “The first question we had was whether the solution was going to be fully compliant with all the local regulations like NST, HIPAA, and ISO 27000. Because we are a global organization, we also need to ensure it follows the GDPR rules. This solution meets all of those. … Being compliant is a major achievement for any large organization. If you’re not being compliant, you’ll have a huge penalty.”
The value of flexibility is unique to each customer. There are certain scenarios in which a customer might implement SES Complete and later realize additional uses and business opportunities.
Using SES Complete to shrink maintenance windows and increase revenue. The cybersecurity manager at a financial services organization reported that they leveraged SES Complete to reduce their critical maintenance windows, leading to less scheduled downtime and more revenue. SES Complete enabled their organization to simulate sophisticated cyberattacks and conduct testing within isolated, lower environments, allowing it to validate system resilience without impacting live operations. The interviewee stated: “When we were using our previous tools, we had longer repair windows, which are hours where we can safely maintain or update our critical systems. The smaller the window is, the better, because there are 24/7 running applications and some people try to trade early in the morning. By using SES Complete, we were able to simulate attacks and test them thoroughly in our lower environments, so the maintenance window went from 8 hours to 4 hours. This is saving us millions of dollars per year.”
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Ftr | SES Complete subscription and professional services costs | $110,000 | $891,000 | $891,000 | $891,000 | $2,783,000 | $2,325,785 |
| Gtr | Implementation and training costs | $167,440 | $3,588 | $3,588 | $3,588 | $178,204 | $176,363 |
| Htr | Internal labor for ongoing management | $0 | $222,750 | $222,750 | $222,750 | $668,250 | $553,946 |
| Total costs (risk-adjusted) | $277,440 | $1,117,338 | $1,117,338 | $1,117,338 | $3,629,454 | $3,056,094 |
Evidence and data. Interviewees reported that the structure of SES Complete costs was on a per endpoint per year basis. Additionally, some interviewees reported that they incurred managed or professional services fees for SES Complete implementation and customization. Pricing may vary. Contact Broadcom for additional details.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite incurs $660,000 of annual licensing costs.
In addition to the licensing costs, the composite organization incurs professional services costs of $100,000 during the implementation process. After the implementation, the composite incurs annual costs of $150,000 for ongoing professional services.
Risks. The impact of this cost will vary depending on:
Pricing changes.
Contract terms.
The number of endpoints SES Complete protects.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.3 million.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| F1 | Annual SES Complete subscription costs | Composite | $660,000 | $660,000 | $660,000 | |
| F2 | Professional services costs | Composite | $100,000 | $150,000 | $150,000 | $150,000 |
| Ft | SES Complete subscription and professional services costs | F1+F2 | $100,000 | $810,000 | $810,000 | $810,000 |
| Risk adjustment | ↑10% | |||||
| Ftr | SES Complete subscription and professional services costs (risk-adjusted) | $110,000 | $891,000 | $891,000 | $891,000 | |
| Three-year total: $2,783,000 | Three-year present value: $2,325,785 | |||||
Evidence and data. Interviewees shared that they incurred internal labor costs associated with the SES Complete implementation. During the deployment process, interviewees dedicated several FTEs over the course of three to six months to configuring the solution’s architecture and performing initial testing. In addition to implementation labor, interviewees also reported that security staff required a multiday training to familiarize themselves with the SES Complete platform.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite dedicates four FTEs to managing the implementation process.
The deployment process takes four months.
Over the four-month period, each of the four FTEs dedicates 75% of their time to supporting the implementation.
The FTEs have a fully burdened hourly rate of $65.
The composite trains 20 employees during the initial implementation process, with each training taking 16 hours.
The composite trains three employees each year thereafter to account for turnover.
Risks. Implementation and training costs will vary depending on:
Implementation delays.
Employees’ familiarity with other Broadcom solutions.
The average fully burdened annual salary for an FTE involved in implementation and training.
Results. To account for these risks, Forrester adjusted this cost upward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $176,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| G1 | Employees dedicated to implementation process | Composite | 4 | |||
| G2 | Length of implementation process (months) | Composite | 4 | |||
| G3 | Percentage of time dedicated to implementation process | Composite | 75% | |||
| G4 | Total implementation time (hours) |
G1*G2*G3* 160 hours per month |
1,920 | |||
| G5 | Fully burdened hourly rate for an implementation resource | Composite | $65 | $65 | $65 | $65 |
| G6 | Subtotal: Internal labor costs for implementation | G4*G5 | $124,800 | $0 | $0 | $0 |
| G7 | Employees trained on using SES Complete | Composite | 20 | 3 | 3 | 3 |
| G8 | Time required for training (hours) | Composite | 16 | 16 | 16 | 16 |
| G9 | Subtotal: Training costs | G7*G8*G5 | $20,800 | $3,120 | $3,120 | $3,120 |
| Gt | Implementation and training costs | G6+G9 | $145,600 | $3,120 | $3,120 | $3,120 |
| Risk adjustment | ↑15% | |||||
| Gtr | Implementation and training costs (risk-adjusted) | $167,440 | $3,588 | $3,588 | $3,588 | |
| Three-year total: $178,204 | Three-year present value: $176,363 | |||||
Evidence and data. The interviewees noted that managing SES Complete was a lighter lift than managing their legacy patchwork of endpoint security tools. Their organization required some internal labor to manage the deployment on an ongoing basis, with time spent on applying updates and patches, conducting regular system health checks, and refining policies.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite dedicates two employees to managing SES Complete.
Each of these FTEs dedicates 75% of their time to ongoing SES Complete management.
These employees have an average fully burdened annual salary of $135,000.
Risks. Ongoing management costs will vary depending on:
The skill level and ongoing internal effort per resource dedicated to managing SES Complete.
The average fully burdened annual salary for a platform manager.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $554,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| H1 | Employees dedicated to managing SES Complete deployment | Composite | 2 | 2 | 2 | |
| H2 | Percentage of time dedicated to managing SES Complete deployment | Composite | 75% | 75% | 75% | |
| H3 | Fully burdened annual salary for a SES Complete manager | Composite | $135,000 | $135,000 | $135,000 | $135,000 |
| Ht | Internal labor for ongoing management | H1*H2*H3 | $0 | $202,500 | $202,500 | $202,500 |
| Risk adjustment | ↑10% | |||||
| Htr | Internal labor for ongoing management (risk-adjusted) | $0 | $222,750 | $222,750 | $222,750 | |
| Three-year total: $668,250 | Three-year present value: $553,946 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($277,440) | ($1,117,338) | ($1,117,338) | ($1,117,338) | ($3,629,454) | ($3,056,094) |
| Total benefits | $0 | $3,125,286 | $3,534,277 | $3,735,368 | $10,394,931 | $8,568,496 |
| Net benefits | ($277,440) | $2,007,948 | $2,416,939 | $2,618,030 | $6,765,477 | $5,512,402 |
| ROI | 180% | |||||
| Payback | <6 months |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in SES Complete.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that SES Complete can have on an organization.
Interviewed Broadcom stakeholders and Forrester analysts to gather data relative to SES Complete.
Interviewed four decision-makers at organizations using SES Complete to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
2 Source: A regression analysis of the reported total cumulative costs of all breaches experienced by security decision-makers’ organizations in the past 12 months. The composite organization’s revenue is used as the input to the regression formula. We asked 1,660 global security decision-makers who have experienced a breach in the past 12 months, “Using your best estimate, what was the total cumulative cost of all breaches experienced by your organization in the past 12 months?” Source: Forrester’s Security Survey, 2024.
Readers should be aware of the following:
This study is commissioned by Broadcom and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in SES Complete.
Broadcom reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Broadcom provided the customer names for the interviews but did not participate in the interviews.
Matt Dunham
September 2025
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF