[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Cato SASE Platform
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY CATO NETWORKS, January 2026
Total Economic Impact
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY CATO NETWORKS, January 2026
Secure access service edge (SASE) platforms combine security and networking functions and can deliver and support any combination of cloud, software, or hardware components.
The Cato SASE Platform (Cato SASE) delivers a SASE cloud platform that provides centralized management and monitoring of network and security capabilities, while also improving network performance and reducing security risk. This cloud-native platform provides a single user interface that saves network and security teams’ time, improves the support of mobile and remote workers, and is easy to implement. Requiring a simple on-premises device that can be installed in minutes without IT presence and utilizing basic internet connections, the solution lowers infrastructure costs and network connectivity costs. Consolidating software-defined wide-area network (SD-WAN), secure web gateway (SWG), cloud access security blocker (CASB), Zero Trust network access (ZTNA), and next-generation firewalls (NGFWs) into a single tool eliminates the need for multiple tools and leads to labor savings. The platform enhances the experience of remote and mobile workers while reducing associated security risks.
Cato Networks commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Cato SASE Platform.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Cato SASE on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed six decision-makers with experience using Cato SASE Platform. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization, which is a multibillion-dollar global corporation with 30,000 employees.
Interviewees said that prior to using Cato SASE Platform, their organizations had recurring challenges with their organizations’ networks, administration, and security. Their infrastructure was complex and fragmented, relying on multiple point solutions that caused performance issues, outages, security incidents, and high costs for on-site hardware and circuits. Network and security teams had to repeat tasks across different systems, leading to redundant administrative work and duplicated responses to issues. Expanding the corporate network to new sites was both time-consuming and expensive.
After the investment in Cato SASE Platform, the interviewees shared that their organizations now have a centrally managed network and security solution, providing stronger security, supporting end users with better network performance and better remote support, and providing both capex and opex savings. Both network and security teams have seen significant time savings, with a substantial reduction in administrative workload. Key results from the investment include a material reduction in security risk, network and security team time savings, and agility related to simplified and shortened site implementations.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Breach cost savings of $2.1 million. Cato SASE provides the composite organization with an improved security posture by providing highly effective cybersecurity capabilities in a single platform. The composite organization is able to improve prevention capabilities, provide monitoring that identifies threats sooner with effective alerts and automated actions, and respond faster and more effectively to identified threats.
Labor savings of $2.0 million due to improved productivity and outcomes. The composite organization’s network team, security team, help desk, and local IT teams all experience labor savings with Cato SASE. Having a single platform eliminates duplicate data entry, monitoring, and incident reaction previously handled by multiple solutions. A reduction in network issues and security incidents provides valuable time savings.
Licensing and telecom cost savings of $10.6 million. The composite organization retires numerous network and security solutions while transitioning to lower-cost internet connections and on-site devices.
Merger and acquisitions savings of $4.1 million for cutover and ongoing costs. The composite organization expands its global footprint 10% per year, lowering labor costs, licensing costs, telecom costs, and breach risk.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Visibility, regulatory compliance, and business operation improvements. The composite organization has full network visibility, providing insights that lead to improved strategies. Cato SASE enables the composite organization to improve regulatory compliance and associated audits and reporting. Additionally, the composite organization sees a resolution to network performance issues and fewer outages.
Facilitated collaboration between the network team and the cybersecurity team. The composite organization’s network and cybersecurity teams work better together than in the past, which improves outcomes.
End-user satisfaction improvement. The composite organization’s end users benefit from improved network performance, outage reductions, and remote worker improvements.
Trusted partnership. The composite organization considers Cato Networks a partner, with a valuable solution and strong support.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Cato SASE licensing costs of $5.5 million. The composite organization implements the Cato SASE globally.
Implementation costs of $106,000. The composite organization finds the Cato SASE implementation effort to be much easier than with legacy solutions. Cato SASE provides a single solution for network and security administration, so setup is simplified. On-site setup is completed by local IT staff.
The financial analysis that is based on the interviews found that a composite organization experiences benefits of $18.9 million over three years versus costs of $5.6 million, adding up to a net present value (NPV) of $13.2 million and an ROI of 235%.
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
| Role | Industry | Region | Annual Revenue |
|---|---|---|---|
| CIO | Chemicals | Global | $2.5 billion |
| Director | Real estate services | Global | $5 billion |
| IT and security officer | Physical therapy and rehabilitation services | US | $1 billion |
| Enterprise technology director | Ingredients | Global | $5 billion |
| Infrastructure and platform manager | Manufacturing | Global | $10 billion |
| Director | Nutrition and personal care | Global | $5 billion |
Interviewees shared common challenges related to their organizations’ network, network administration, and network security. They had a complex, fragmented network and security stack, with multiple point products, performance and outage issues, security incidents, and costly on-site devices and circuits. Network and security teams performed repetitive actions across multiple solutions, with redundant labor in administrative tasks and responses to network and security issues. Adding new sites to the corporate network was time-consuming and costly.
Interviewees noted how their organizations struggled with common challenges, including:
Legacy infrastructure with multiple solutions, leading to high costs and operational issues. The interviewees spoke of having legacy implementations that included expensive network equipment, costly network circuits, disparate solutions with no interface integration, and operational issues. The cost of network equipment was at capex levels. Use of expensive legacy network circuits, such as MPLS, was common. The real estate services director shared, “Our ISP costs were 20% to 30% higher than we pay today.” Interviewees described having a variety of operational issues, leading to outages, causing performance issues, and hindering software updates.
Disparate network and network security solutions, leading to complexity, process inefficiencies, and wasted labor. Interviewees described many shortcomings from having disparate network and network security solutions. They described the complexity and inefficiencies in administering, monitoring, and responding in many different tools for network and security processes. Using multiple devices for multiple local infrastructures also had challenges, as described by the real estate services director: “Previously, we would have to order equipment, have it shipped ... ship that to the site ... rack it, configure it, etc. That was more time-consuming.”
Disparate cybersecurity solutions leading to unnecessary cybersecurity risk and labor inefficiencies. Interviewees shared that security concerns were part of their organizations’ motivation that led to the move to Cato. Cybersecurity threats, incident close calls, and actual incidents were all described, with noise from false positives, delays in issue identification, inefficiencies and errors due to the use of multiple tools, and lack of automated responses all playing a role in heightened risk and inefficient use of the security teams’ time.
The interviewees searched for a solution that could:
Reduce security risk, network performance issues, and network outages. Interviewees looked for a solution that would reduce the likelihood and severity of cybersecurity incidents and would resolve various network performance and outage events.
Decrease costs while supporting both the network and security teams. Interviewees’ organizations required having a single solution, which would improve network visibility, network administration, and security management while reducing device and solution costs and standardizing policies and processes
Improve user experience and reduce risk for remote and mobile workers. Interviewees wanted to improve both the experience of remote and mobile workers while providing better security, utilizing better ZTNA and CASB capabilities.
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite organization is a global organization with multibillion-dollar annual revenue and 30,000 employees. It has 200 sites around the world, with site growth of 10% per year. Due to numerous legacy implementations worldwide, the composite organization is unable to successfully implement standard policies and procedures in either its network or security organizations, has numerous avoidable cybersecurity incidents, has avoidable network performance and outage issues, and pays high circuit and device costs.
Deployment characteristics. The composite organization is able to deploy Cato SASE without sending network or security team members to individual sites. Implementation is global and is done without disruptions to service. Local IT teams are able to enable Cato SD-WAN devices and dismantle existing infrastructure.
Global organization
Multibillion-dollar annual revenue
30,000 employees
200 sites, growing 10% per year
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Breach reduction | $829,975 | $854,446 | $881,572 | $2,565,993 | $2,123,014 |
| Btr | Labor savings due to productivity and improved outcomes | $820,250 | $820,250 | $820,250 | $2,460,750 | $2,039,840 |
| Ctr | Licensing and telecom cost savings | $4,254,750 | $4,254,750 | $4,254,750 | $12,764,250 | $10,580,934 |
| Dtr | Mergers and acquisitions savings for cutover and ongoing costs | $1,006,193 | $1,704,124 | $2,424,167 | $5,134,484 | $4,144,400 |
| Total benefits (risk-adjusted) | $6,911,167 | $7,633,571 | $8,380,739 | $22,925,477 | $18,888,188 |
Evidence and data. The interviewees shared that Cato SASE was a major contributor in reducing the likelihood of cybersecurity incidents and the significance of security incidents when they occurred. Interviewees shared that security risk is reduced from numerous facets of having a centralized solution, such as centralized policies and administration, a single tool for cybersecurity monitoring and response, and a single source for network security visibility.
Interviewees also spoke of having an improved security posture due to the breadth and strength of Cato SASE’s cybersecurity capabilities, including improved prevention, monitoring with automated responses, a significant reduction in distracting false positives, and rapid response capabilities. The manufacturer’s infrastructure and platform manager shared, “Cato removes 80% to 90% of the false positives.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite’s mean cumulative cost of total breaches is $2,815,000 in Year 1, $2,898,000 in Year 2, and $2,990,000 in Year 3.2
The composite’s likelihood of experiencing one or more breaches is 78%.3
The percentage of likely attacks addressable with Cato SASE's security components is 60%.
The composite’s reduced exposure to breach costs from addressable attacks with Cato SASE's security components is 70%.
Risks. This benefit may vary across organizations for the following reasons:
Region, industry, and organization size affect threat likelihood.
Maturity of cybersecurity team, data-capture capabilities, integration, and cybersecurity tool capabilities.
Sophistication of attacks.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.1 million.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Cumulative cost of breaches | Forrester research | $2,815,000 | $2,898,000 | $2,990,000 | |
| A2 | Likelihood of experiencing one or more breaches | Forrester research | 78% | 78% | 78% | |
| A3 | Percentage of those attacks addressable with Cato SASE's security components | Interviews | 60% | 60% | 60% | |
| A4 | Annual risk exposure addressable with Cato SASE's security components | A1*A2*A3 | $1,317,420 | $1,356,264 | $1,399,320 | |
| A5 | Reduced exposure to breach costs from addressable attacks with Cato SASE's security components | Interviews | 70% | 70% | 70% | |
| At | Breach reduction | A4*A5 | $922,194 | $949,385 | $979,524 | |
| Risk adjustment | ↓10% | |||||
| Atr | Breach reduction (risk-adjusted) | $829,975 | $854,446 | $881,572 | ||
| Three-year total: $2,565,993 | Three-year present value: $2,123,024 | |||||
Evidence and data. Interviewees shared that their organizations’ network, security, and help desk organizations were able to reassign headcount after the Cato SASE deployment. Moving to a single centralized SASE platform with Cato SASE played a significant role in the achieved time savings, with a single solution for infrastructure, administration, monitoring, and responses eliminating redundant actions, providing standardization, and connecting incidents to response actions.
In addition, the Cato SASE platform streamlined and automated processes, including a reduction in incident false positives, automated detection and response, and sending incident response alerts directly to the appropriate people to address the incident. Finally, the Cato SASE platform reduced the frequency of cybersecurity incidents, network performance issues, and outages, thus reducing effort by network teams, security teams, help desk personnel, and local IT teams.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization’s network team comprises 18 FTEs.
The composite organization’s security team comprises 15 FTEs.
FTE reduction across network and security teams is 20%.
The average fully burdened annual salary for network and security employees is $110,000.
The composite organization’s IT help desk comprises 20 FTEs.
FTE reduction of the IT help desk due to reduced disruptions and security incidents is 15%.
The average fully burdened annual salary for help desk employees is $65,000.
Risks. This benefit may vary across organizations for the following reasons:
Size of the network, security, and help desk organizations.
Number of sites and associated regions.
Maturity of the network and security solutions.
Maturity of network and security processes.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.0 million.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | Size of network team (FTEs) | Composite | 18 | 18 | 18 | |
| B2 | Size of security team (FTEs) | Composite | 15 | 15 | 15 | |
| B3 | Size of network and security teams (FTEs) | B1+B2 | 33 | 33 | 33 | |
| B4 | FTE reduction across network and security teams | Interviews | 20.0% | 20.0% | 20.0% | |
| B5 | FTE savings due to Cato SASE productivity improvements | B3*B4 | 7 | 7 | 7 | |
| B6 | Average fully burdened annual salary per network or security employee | Composite | $110,000 | $110,000 | $110,000 | |
| B7 | Subtotal: Network and security team labor savings | B5*B6 | $770,000 | $770,000 | $770,000 | |
| B8 | Size of IT help desk (FTEs) | Composite | 20 | 20 | 20 | |
| B9 | FTE savings due to reduced disruption and security incidents | Interviews | 15.0% | 15.0% | 15.0% | |
| B10 | Savings due to Cato SASE productivity improvements (FTEs) | B8*B9 | 3 | 3 | 3 | |
| B11 | Average fully burdened annual salary for a help desk employee | Composite | $65,000 | $65,000 | $65,000 | |
| B12 | Subtotal: Help desk labor savings | B10*B11 | $195,000 | $195,000 | $195,000 | |
| Bt | Labor savings due to productivity and improved outcomes | B7+B12 | $965,000 | $965,000 | $965,000 | |
| Risk adjustment | ↓15% | |||||
| Btr | Labor savings due to productivity and improved outcomes (risk-adjusted) | $820,250 | $820,250 | $820,250 | ||
| Three-year total: $2,460,750 | Three-year present value: $2,039,840 | |||||
Evidence and data. Interviewees shared that the Cato SASE Platform allowed them to deprecate many network and network security solutions, as well as transition to lower-cost internet connections and on-premises equipment. This was accomplished while also improving network performance and stability and providing cybersecurity risk reduction and labor productivity improvements, as covered in the prior two benefit sections.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization’s annual legacy solution cost is $2,327,500.
The composite organization’s base site count is 200 sites.
The composite organization’s annual telecommunications cost savings per site is $12,000 per year.
Risks. This benefit may vary across organizations for the following reasons:
Legacy solution costs.
Number of sites.
Telecommunications costs.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $10.6 million.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | Reduced legacy solution cost | Interviews | $2,327,500 | $2,327,500 | $2,327,500 | |
| C2 | Site count | Composite | 200 | 200 | 200 | |
| C3 | Annual telecommunications cost savings per site | Interviews | $12,000 | $12,000 | $12,000 | |
| C4 | Subtotal: Telecommunications cost savings | C2*C3 | $2,400,000 | $2,400,000 | $2,400,000 | |
| Ct | Licensing and telecom cost savings | C1+C4 | $4,727,500 | $4,727,500 | $4,727,500 | |
| Risk adjustment | ↓10% | |||||
| Ctr | Licensing and telecom cost savings (risk-adjusted) | $4,254,750 | 4,254,750 | 4,254,750 | ||
| Three-year total: $12,764,250 | Three-year present value: $10,580,934 | |||||
Evidence and data. Interviewees shared that implementing Cato SASE required less expensive equipment; required far less labor; reduced implementation time from weeks or months to days; and cost less on an ongoing basis in licensing, telecommunications costs, and labor. Interviewees spoke of requiring little to no network and security team growth with the addition of most new sites.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization’s site growth through mergers and acquisitions is 10% per year: 20 sites in Year 1, 22 sites in Year 2, and 24 sites in Year 3.
The average annual device cost per site before Cato SASE is $6,000 per year.
Cato SASE device cost is $600 per site.
Avoided network and security team growth is four FTEs in Year 1, eight FTEs in Year 2, and 12 FTEs in Year 3.
The average fully burdened annual salary for network and security employees is $110,000.
Implementation labor prior to Cato SASE is 40 hours per site.
Implementation labor with Cato SASE is 8 hours per site.
The fully burdened hourly rate for network and security team members is $60.
The composite sees total licensing savings of $232,750 in Year 1, $488,775 in Year 2, and $768,075 in Year 3.
Risks. This benefit may vary across organizations for the following reasons:
Number of sites.
Licensing costs.
Device costs.
Telecommunications costs.
Network and security team requirements.
Implementation requirements.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $4.1 million.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | Site growth through mergers and acquisitions | Composite | 20 | 22 | 24 | |
| D2 | Device cost before Cato SASE | Interviews | $6,000 | $6,000 | $6,000 | |
| D3 | Cato SASE device cost | Interviews | $600 | $600 | $600 | |
| D4 | Subtotal: M&A device savings | D1*(D2-D3) | $108,000 | $118,800 | $129,600 | |
| D5 | Annual telecommunications cost savings per site | Composite | $12,000 | $12,000 | $12,000 | |
| D6 | Subtotal: M&A device savings | D1*D5 | $240,000 | $264,000 | $288,000 | |
| D7 | Avoided network and security team growth (cumulative - FTE) | Interviews | 4 | 8 | 12 | |
| D8 | Fully burdened annual salary for network and security employees | Interviews | $110,000 | $110,000 | $110,000 | |
| D9 | Subtotal: Avoided network and security staffing as a result of M&A | D7*D8 | $440,000 | $880,000 | $1,320,000 | |
| D10 | Implementation labor prior to Cato Networks (hours per site) | Interviews | 40 | 40 | 40 | |
| D11 | Implementation labor with Cato Networks (hours per site) | Interviews | 8 | 8 | 8 | |
| D12 | Fully burdened hourly rate for network and security team members | Composite | $60 | $60 | $60 | |
| D13 | Subtotal: M&A implementation labor savings | D1*(D10-D11)*D12 | $38,400 | $42,240 | $46,080 | |
| D14 | Licensing savings | Composite | $232,750 | $488,775 | $768,075 | |
| Dt | Mergers and acquisitions savings for cutover and ongoing costs | D4+D6+D9+D13+D14 | $1,059,150 | $1,793,815 | $2,551,755 | |
| Risk adjustment | ↓5% | |||||
| Dtr | Mergers and acquisitions savings for cutover and ongoing costs (risk-adjusted) | $1,006,193 | $1,704,124 | $2,424,167 | ||
| Three-year total: $5,134,484 | Three-year present value: $4,144,400 | |||||
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Visibility, regulatory compliance, and business operation improvements. Interviewees shared that the Cato SASE implementation went well beyond security improvements, network and network security team labor productivity, and direct cost savings. Having full visibility of the network and network security provides insights that drive strategy changes and improve reporting. Cato SASE has improved internal audit and regulatory compliance, and the reporting thereof. Network performance and outage improvements have had significant value for interviewees, although quantifying the improvements was limited.
Facilitated collaboration between the network and cybersecurity teams. Interviewees shared that by having a common tool in Cato SASE, the network and cybersecurity teams work better together than they had in the past. Interviewees described the teams helping each other more and including the other team more quickly, leading to better outcomes for both teams. The ingredients company’s enterprise technology director shared, “Collaboration between the network team and cybersecurity team improved because [it’s the] same tool, same vocabulary.” The chemicals company’s CIO added, “Both groups are now more aware of each other because everything’s in the same pane of glass.”
End-user satisfaction improvement. Interviewees shared that end users have been very positive about how Cato SASE has improved the work environment. Remote and mobile workers have reduced complaints and have provided positive feedback on remote worker improvements. The manufacturer’s infrastructure and platform manager explained: “Our users love our VPN. It is automatic — they don’t have to think about it.” Resolving performance issues and outages has also led to improved end-user satisfaction.
A trusted partner. Interviewees appreciate Cato Networks for its solution, services, and support. The director at a real estate services organization shared: “They are not just a partner — they are a true value partner and a value-adding partner to us. We’ve had a great track record with not only them as a company [but also with] their services, their physical hardware, and their support.”
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Cato SASE Platform and later realize additional uses and business opportunities, including:
Expanding to new regions. The ease of implementation, combined with the simplicity of implementing Cato SASE and its flexibility in telecommunications access methods, have allowed for expansion into new geographic regions. Interviewees shared that they have connected sites using LTE, 5G, and satellite connectivity.
Facilitating mergers and acquisitions. The ease of implementation, simplified device footprint, shorter implementation window, and lower ongoing costs have made networking and network security a nonissue in expansion decisions, according to interviewees.
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Etr | Cato SASE licensing cost | $0 | $2,021,250 | $2,223,375 | $2,443,875 | $6,688,500 | $5,511,119 |
| Ftr | Implementation | $105,600 | $0 | $0 | $0 | $105,600 | $105,600 |
| Gtr | Mergers and acquisitions implementations | $0 | $10,560 | $11,616 | $12,672 | $34,848 | $28,721 |
| Total costs (risk-adjusted) | $105,600 | $2,031,810 | $2,234,991 | $2,456,547 | $6,828,948 | $5,645,440 |
Evidence and data. Interviewees described paying an annual licensing fee for Cato SASE. Pricing may vary. Contact Cato Networks for additional details.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The base Cato SASE annual licensing cost is $1,750,000.
Cato SASE annual licensing for mergers and acquisitions total $175,000 in Year 1, $367,500 in Year 2, and $577,500 in Year 3.
Risks. This cost may vary across organizations for the following reasons:
Number of sites and users.
Service selection.
Pricing.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $5.5 million.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| E1 | Cato SASE base licensing | Interviews | $0 | $1,750,000 | $1,750,000 | $1,750,000 |
| E2 | Cato SASE M&A licensing | Interviews | $0 | $175,000 | $367,500 | $577,500 |
| Et | Cato SASE licensing cost | E1+E2 | $0 | $1,925,000 | $2,117,500 | $2,327,500 |
| Risk adjustment | ↑5% | |||||
| Etr | Risk adjustment (risk-adjusted) | $2,021,250 | $2,223,375 | $2,443,875 | ||
| Three-year total: $6,688,500 | Three-year present value: $5,511,119 | |||||
Evidence and data. Interviewees shared that implementing Cato SASE was easy compared to previous network implementations. Typically, a single device was required per site, which was installed by local IT staff. Since Cato SASE is a single-enterprise solution, policies and procedures were set up centrally and applied by roles and location only once. Interviewees shared that the site implementations were well-orchestrated and went smoothly.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization implements Cato SASE at 200 sites.
Implementation labor constitutes an average of 8 hours per site.
The fully burdened hourly rate for network and security team members is $60 per hour.
Risks. This cost may vary across organizations for the following reasons:
Number of sites.
Site complexity.
Labor rates.
Implementation strategy.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $106,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| F1 | Site count | Composite | 200 | 0 | 0 | 0 |
| F2 | Implementation labor per site with Cato SASE (hours per site) | Interviews | 8 | 0 | 0 | 0 |
| F3 | Fully burdened hourly rate for network and security team members | D12 | $60 | $0 | $0 | $0 |
| Ft | Implementation costs | F1*F2*F3 | $96,000 | $0 | $0 | $0 |
| Risk adjustment | ↑10% | |||||
| Ftr | Implementation costs (risk-adjusted) | $105,600 | $0 | $0 | $0 | |
| Three-year total: $105,600 | Three-year present value: $105,600 | |||||
Evidence and data. As with the original implementation, interviewees described their M&A implementations as straightforward, fast, and uneventful.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
M&A site count is 20 sites in Year 1, 22 sites in Year 2, and 24 sites in Year 3.
Implementation labor totals an average of 8 hours per site.
The fully burdened hourly rate for network and security team members is $60 per hour.
Risks. This cost may vary across organizations for the following reasons:
Growth via M&A.
Site complexity.
Labor rates.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $29,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| G1 | M&A site count | D1 | 0 | 20 | 22 | 24 |
| G2 | Implementation labor per site with Cato SASE (hours per site) | F2 | 0 | 8 | 8 | 8 |
| G3 | Fully burdened hourly rate for network and security team members | D12 | $0 | $60 | $60 | $60 |
| Gt | Mergers and acquisitions implementations | G1*G2*G3 | $0 | $9,600 | $10,560 | $11,520 |
| Risk adjustment | ↑10% | |||||
| Gtr | Mergers and acquisitions implementations (risk-adjusted) | $0 | $10,560 | $11,616 | $12,672 | |
| Three-year total: $34,848 | Three-year present value: $28,721 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($105,600) | ($2,031,810) | ($2,234,991) | ($2,456,547) | ($6,828,948) | ($5,645,440) |
| Total benefits | $0 | $6,911,167 | $7,633,571 | $8,380,739 | $22,925,477 | $18,888,188 |
| Net benefits | ($105,600) | $4,879,357 | $5,398,580 | $5,924,192 | $16,096,529 | $13,242,748 |
| ROI | 235% | |||||
| Payback | <6 months |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Cato SASE Platform.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Cato SASE Platform can have on an organization.
Interviewed Cato SASE Platform stakeholders and Forrester analysts to gather data relative to Cato SASE Platform.
Interviewed six decision-makers at organizations using Cato SASE Platform to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
2 Cumulative breach costs are computed using the composite organization's size (revenue or number of employees) as an input to a regression analysis of reported total cumulative costs for all breaches for organizations that experienced at least one breach in the past 12 months. Source: Forrester's Security Survey, 2025, "Using your best estimate, what was the total cumulative cost of all breaches experienced by your organization in the past 12 months?" Base: 1,740 global security decision-makers who have experienced a breach in the past 12 months. The cumulative breach cost is then multiplied by a 67% likelihood for organizations to experience one or more breaches in a given year. Source: Forrester’s Security Survey, 2025, “How many times do you estimate that your organization's sensitive data was potentially compromised or breached in the past 12 months?” Base: 2,643 global security decision-makers
3 Percentage of breaches by primary attack vector, as reported by security decision-makers whose organizations experienced at least one breach in the last 12 months. Source: Forrester’s Security Survey, 2025, “Of the times that your organization's sensitive data was potentially compromised or breached in the past 12 months, please indicate how many of each fall into the categories below.” Base: 1,766 global security decision-makers who have experienced a breach in the past 12 months.
Readers should be aware of the following:
This study is commissioned by Cato Networks and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Cato SASE Platform. For any interactive functionality, the intent is for the questions to solicit inputs specific to a prospect's business. Forrester believes that this analysis is representative of what companies may achieve with Cato SASE Platform based on the inputs provided and any assumptions made. Forrester does not endorse Cato SASE Platform or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Cato SASE Platform and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Cato SASE Platform make no warranties of any kind.
Cato SASE Platform reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Cato SASE Platform provided the customer names for the interviews but did not participate in the interviews.
Eric Hall
January 2026
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF