The Total Economic Impact™ Of Cynet All in One Security
Cost Savings And Business Benefits Enabled By Cynet All in One Security
A Forrester Total Economic Impact™ Study Commissioned By Cynet, October 2024
Organizations face increasingly sophisticated cyber threats that demand comprehensive and efficient security solutions. The complexity and frequency of these threats necessitate a unified approach to cybersecurity that reduces the burden of managing multiple, disparate systems. Forrester’s research reveals that organizations struggle to manage these complexities, emphasizing the need for integrated security measures. Effective threat detection, prevention, and response are critical for safeguarding sensitive data and maintaining operational integrity.
Cynet provides an all-in-one cybersecurity solution that combines essential cybersecurity functions into a single platform, offering threat detection, prevention, and automated response. This approach reduces the need for multiple security vendors and complex integrations; it also simplifies costs and management efforts. Additionally, Cynet’s solution improves incident response by automating detection and resolution processes, and it includes 24/7 oversight from Cynet’s security operations center (SOC) team.
Cynet commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Cynet All-in-One Security.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Cynet All-in-One Security on their organizations.
Return on investment (ROI)
426%
Net present value (NPV)
$2.73M
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed the representative of an organization who has experience using Cynet All-in-One Security. Forrester used this experience to project a three-year financial analysis.
Prior to using Cynet All-in-One Security, the interviewee — who is the executive manager of IT at a wholesale and retail industry — noted that their organization had no established cybersecurity posture. The organization had legacy infrastructure and a fragmented security landscape that lacked essential capabilities, such as incident reporting. These limitations led the organization to explore finding a partner capable of enhancing its IT security posture with a mature and structured approach to elevating cybersecurity.
After the investment in Cynet All-in-One Security, the interviewee’s organization was able to embark on its digital transformation to modernize and secure their IT landscape. Key results from the investment included avoiding costs associated with orchestrating cybersecurity.
Key Findings
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits include:
- Savings of $349,000 from reducing the efforts for investigation and incident reporting. Cynet’s All-in-One Security platform provides built-in capabilities for incident investigation and reporting. This includes detection, forensic investigation, and log management in addition to its extended detection and response capabilities. These capabilities enable the composite organization to reduce the efforts required for a security resource to investigate a cyber incident by 88%. The platform is also capable of generating comprehensive incident reports and detailed dashboards, which reduces the effort required to manually develop an incident report by up to 98%. Together, the additional productivity savings amount to $349,000 for the composite organization over three years.
- Savings of $1.8 million from the efficient orchestration of cybersecurity components. Cynet’s platform integrates and unifies all cybersecurity components into a single, scalable, easy-to manage platform. This enables the composite organization to avoid investing in additional resources and operational overhead to manage its security posture. Cynet’s All-in-One Security license also includes 24/7 managed detection and response with round-the-clock monitoring and support, which eliminates the composite’s further investments in outsourcing its security operations center (SOC). Together, these savings amount to $1.8 million for the composite organization over three years.
- Savings of $279,000 from avoiding investments in other security solutions. Cynet’s platform integrates essential security components — such as centralized log management (CLM) systems; a security orchestration, automation, and response (SOAR) system; and mobile security — into one unified platform. This helps the composite organization eliminate the need for multiple standalone tools, reducing the complexity and the cost associated with such investments. These savings amount to $279,000 for the composite organization over three years.
- Savings of $933,000 from avoiding data breaches. Cynet’s integrated approach to security combines capabilities like endpoint detection and response, network traffic analysis, intrusion detection, threat intelligence, and managed detection and response, enabling it to detect, prevent, and respond to data breaches effectively. This enables the composite organization to avoid any loss of business associated with data breaches. These savings amount to $933,000 for the composite organization over three years.
Unquantified benefits. Benefits that are not quantified for this study include:
- The accelerated integration of new associates. The intuitive security orchestration system facilitates quicker onboarding of new team members, enhancing their integration into the security team and working environment.
- Improved work/life balance. The reduction in unexpected incidents requiring an emergency response contributes to a better work/life balance for IT security associates.
- Enhanced training and upskilling. The Cynet platform offers integrated training opportunities, allowing security associates to continuously develop their skills.
- Operational efficiency. Cynet helps avoid the additional compute and processing demands associated with product updates.
- A strategic partnership. Collaborating with Cynet fosters a strategic partnership that evolves and elevates the organization’s security landscape.
Costs. Three-year, risk-adjusted PV costs for the interviewee’s organization include:
- Platform subscription costs of $627,000. Subscription costs are based on the number of endpoints protected and include the platinum SOC services.
- Implementation costs of $13,700. Deployment involves an initial pilot followed by rollout and requires minimal efforts from the composite’s security team.
The interview and financial analysis found that the representative’s organization experiences benefits of $3.37 million over three years versus costs of $640,000, adding up to a net present value (NPV) of $2.73 million and an ROI of 426%.
Key Statistics
-
Return on investment (ROI)
426%
-
Benefits PV
$3.37M
-
Net present value (NPV)
$2.73M
-
Payback
<6 months
Benefits (Three-Year)
Investigation and incident management efficiency Security orchestration and resource cost avoidance Security infrastructure cost avoidance Savings from avoided data breaches [CONTENT] [CONTENT] [CONTENT]
TEI Framework And Methodology
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Cynet All-in-One Security.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Cynet All-in-One Security can have on an organization.
-
Due Diligence
Interviewed Cynet stakeholders and Forrester analysts to gather data relative to Cynet All-in-One Security.
-
Interview
Interviewed the representative of an organization using Cynet All-in-One Security to obtain data with respect to costs, benefits, and risks.
-
Financial Model Framework
Constructed a financial model representative of the interview using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewee.
-
Case Study
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Disclosures
Readers should be aware of the following:
This study is commissioned by Cynet and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Cynet All-in-One Security.
Cynet reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Cynet provided the customer name for the interview but did not participate in the interview.
Consulting Team:
Bharath Sivan
Duncan Watkins
Drivers leading to the Cynet All-in-One Security investment
Interviewee’s Organization
Forrester interviewed the representative of an organization who has experience using Cynet All-in-One Security. Their organization has the following characteristics:
- $1 billion in revenues.
- North American operations.
- 1,250 employees.
- A centralized IT team with 20 employees.
- 3,500 endpoints.
Key Challenges
Before engaging with Cynet, the interviewee noted that their organization lacked an established cybersecurity posture. The organization faced significant challenges with outdated and inadequate IT infrastructure and cybersecurity measures. The interviewee said that their organization aimed to undergo a digital transformation to modernize and secure its IT landscape.
The interviewee noted how the organization struggled with common challenges, including:
- Legacy infrastructure that posed a significant threat. The interviewee revealed that their organization struggled with legacy infrastructure that was largely outdated. This included systems operating at functional levels that were no longer supported, and many endpoints were running on an obsolete operating system. This outdated infrastructure posed significant security risks for the organization.
- Limited cybersecurity measures. The interviewee also explained that the organization had very limited security measures in place before Cynet. The only tool it relied on was a basic endpoint protection solution, which was insufficient for comprehensive security needs. There was no cyber posture for critical elements, such as the server infrastructure, leaving significant gaps in its defense against cyber threats.
- Inadequate security expertise. The organizational structure also presented challenges for the organization. The IT team consisted of 20 professionals, but there was limited in-house cybersecurity expertise. The interviewee noted that this lack of specialized knowledge made it difficult to effectively manage and secure the IT environment.
- Security incidents. Before engaging with Cynet, the interviewee’s organization also experienced a security incident that highlighted the inadequacy of its existing security measures. This incident underscored the urgent need for a more robust cybersecurity posture.
Use Case Description
The interviewee’s organization operates in the wholesale and retail industry and decided to engage with Cynet on its mission to build and elevate its cybersecurity posture. The organization sought a partner that could evolve with it and provide ongoing support and updates to address emerging threats with a cost-effective, scalable solution. The interviewee noted, among other use cases, that their organization uses Cynet for the following primary use cases:
- Incident detection and response.
- The comprehensive protection of all endpoints.
- The orchestration of all cybersecurity elements.
- Managed security services.
For this use case, Forrester has modeled benefits and costs over three years.
Quantified benefit data
Total Benefits
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Investigation and incident management efficiency | $116,832 | $140,199 | $168,239 | $425,270 | $348,478 |
| Btr | Security orchestration and resource cost avoidance | $726,000 | $726,000 | $726,000 | $2,178,000 | $1,805,455 |
| Ctr | Security infrastructure cost avoidance | $112,200 | $112,200 | $112,200 | $336,600 | $279,025 |
| Dtr | Savings from avoided data breaches | $375,000 | $375,000 | $375,000 | $1,125,000 | $932,569 |
| Total benefits (risk-adjusted) | $1,330,032 | $1,353,399 | $1,381,439 | $4,064,870 | $3,365,527 | |
Investigation And Incident Management Efficiency
Evidence and data. The interviewee highlighted how Cynet’s built-in capabilities for investigation and reporting helped reduce the IT security team’s significant efforts in this area. Prior to using Cynet, investigating each significant security incident used to take up to 2 hours. This involved security personnel piecing together information from multiple different systems to create a manual interpretation of the incident. With Cynet, forensic summaries are available automatically, which has reduced the time taken for investigation by 88%. Additionally, before Cynet, an incident report used to take up to two business days to develop: It involved multiple reviews to verify the accuracy of the information and preparation for presentation to executives. With Cynet, reports with granular levels of detail are automatically generated, which has resulted in a 98% reduction in the time required to prepare an incident report.
Modeling and assumptions. Based on interview data and research, Forrester assumes the following:
- The average number of security incidents requiring manual intervention is 270 per year. This figure increases by 20% each year as the attack surfaces and landscape evolve.
- The average number of hours spent on investigation before Cynet is 2 hours per incident.
- The average number of hours spent on preparing an incident report before Cynet is 2 days per incident.
- The average fully burdened annual salary of a security full-time equivalent (FTE) is $121,500.
- A productivity capture rate of 50% is applied as a TEI standard, as it can be assumed that only a certain part of the time saved is reallocated by users to productive work.
Risks. This benefit may vary for organizations based on the following:
- The number of incidents requiring manual investigation per year.
- The average time required for investigation and report preparation.
- The average fully burdened annual salary of a security FTE.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $348,478.
Investigation And Incident Management Efficiency
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| A1 | Average number of security incidents per year requiring manual investigation or intervention | Industry report | 270 | 324 | 389 |
| A2 | Average hours spent per investigation (Hrs) | Interview | 2 | 2 | 2 |
| A3 | Reduction in effort required to investigate incidents with Cynet | Interview | 87.5% | 87.5% | 87.5% |
| A4 | Average hours spent per developing incident reports (Hrs) | Interview | 16 | 16 | 16 |
| A5 | Reduction in effort to develop incident reports with Cynet | Interview | 98% | 98% | 98% |
| A6 | Average fully burdened hourly salary of security FTE | TEI standard | $58 | $58 | $58 |
| A7 | Productivity recapture rate (TEI standard) | TEI standard | 50% | 50% | 50% |
| At | Investigation and incident management efficiency | ((A1*A2*A3*A6)+ (A1*A4*A5*A6))*A7 | $137,450 | $164,940 | $197,928 |
| Risk adjustment | ↓15% | ||||
| Atr | Investigation and incident management efficiency (risk-adjusted) | $116,832 | $140,199 | $168,239 | |
| Three-year total: $425,270 | Three-year present value: $348,478 | ||||
Security Orchestration And Resource Cost Avoidance
Evidence and data. The interviewee pointed out that Cynet’s ability to centralize their organization’s orchestration of cyber defense enabled significant savings. Comprehensive data aggregation and analysis from various security tools and solutions allowed the IT security team to monitor and manage all aspects of its cybersecurity posture from a single interface. The interviewee stated that orchestrating their organization’s cybersecurity posture without Cynet would require an additional five full-time resources. Cynet’s subscription also gave 24/7 SOC support, providing real-time monitoring and expert analysis of security incidents. Without Cynet, the organization would have had to outsource its SOC support, which would have required additional investment.
Modeling and assumptions. Based on interview data and research, Forrester assumes the following:
- The composite would require five additional FTEs to achieve a security posture similar to that provided by Cynet.
- The average fully burdened annual salary of a security FTE is $121,500.
- The cost of outsourcing SOC support is $300,000 per year.
Risks. This benefit may vary for organizations based on the following:
- The number of resources required to achieve Cynet’s level of security orchestration.
- The cost of outsourcing SOC support.
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1,805,455.
Security Orchestration And Resource Cost Avoidance
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| B1 | Additional FTEs required to orchestrate cybersecurity landscape without Cynet | Interview | 5 | 5 | 5 |
| B2 | Fully burdened annual salary for a security FTE | Interview | $121,500 | $121,500 | $121,500 |
| B3 | Annual cost for outsourced SOC support | Interview | $300,000 | $300,000 | $300,000 |
| Bt | Security orchestration and resource cost avoidance | (B1*B2)+B3 | $907,500 | $907,500 | $907,500 |
| Risk adjustment | ↓20% | ||||
| Btr | Security orchestration and resource cost avoidance (risk-adjusted) | $726,000 | $726,000 | $726,000 | |
| Three-year total: $2,178,000 | Three-year present value: $1,805,455 | ||||
Security Infrastructure Cost Avoidance
Evidence and data. The interviewee highlighted that Cynet’s All-in-One solution significantly reduced their organization’s need for separate security products, thereby eliminating additional costs and simplifying management. Without Cynet, the organization would have required additional investments in a centralized log management CLM system; a security orchestration, automation, and response (SOAR) system; and mobile security solutions. Additionally, Cynet’s built-in security elements enabled the organization to deactivate components of its existing antivirus solution, further contributing to cost savings.
Modeling and assumptions. Based on interview data and research, Forrester assumes the following:
- The annual costs associated with a CLM system are estimated to be $50,000.
- The annual costs associated with a SOAR system are estimated to be $50,000.
- The annual costs associated with mobile security solutions are estimated to be $7,000.
- The cost savings from turning off elements of the existing antivirus solution is estimated to be $25,000.
Risks. This benefit may vary for organizations based on the following:
- An organization’s decision to layer on cybersecurity solutions for additional protection.
- The costs associated with CLM, SOAR, and mobile security solutions.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $279,025.
Security Infrastructure Cost Avoidance
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| C1 | Centralized log management (CLM) license cost avoidance | Interview | $50,000 | $50,000 | $50,000 |
| C2 | Security orchestration, automation, and response (SOAR) license cost avoidance | Interview | $50,000 | $50,000 | $50,000 |
| C3 | Mobile security license cost avoidance | Interview | $7,000 | $7,000 | $7,000 |
| C4 | Cost avoidance from turning off elements of existing security solutions | Interview | $25,000 | $25,000 | $25,000 |
| Ct | Security infrastructure cost avoidance | C1+C2+C3+C4 | $132,000 | $132,000 | $132,000 |
| Risk adjustment | ↓15% | ||||
| Ctr | Security infrastructure cost avoidance (risk-adjusted) | $112,200 | $112,200 | $112,200 | |
| Three-year total: $336,600 | Three-year present value: $279,025 | ||||
Savings From Avoided Data Breaches
Evidence and data. The interviewee highlighted Cynet’s robust capabilities to prevent, manage, and remediate data breach incidents. Cynet’s platform leverages automated threat detection and response playbooks to swiftly handle threats, minimize human error, and accelerate incident response. Additionally, the 24/7 monitoring and expert support from Cynet’s CyOps team ensures that any detected threats are promptly addressed, preventing potential breaches from escalating. These capabilities, combined with Cynet’s forensic threat intelligence, helped the interviewee’s organization manage and remediate a data breach incident with minimal disruption to business as usual.
Modeling and assumptions. Based on interview data and research, Forrester assumes the following:
- The average number of major data breach incidents per year is estimated to be 2.5.
- The number of business days impacted due to data breach incidents per year is one. The loss of business associated with data breaches is $200,000 per day.
Risks. This benefit may vary for organizations based on the following:
- The number of major data breach incidents.
- The severity of the incidents and the number of business days affected.
Results. To account for these risks, Forrester adjusted this benefit downward by 25%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $932,569.
Savings From Avoided Data Breaches
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| D1 | Number of major data breach incidents | Interview | 2.5 | 2.5 | 2.5 |
| D2 | Number of business days impacted due to incident | Interview | 1 | 1 | 1 |
| D3 | Loss of business associated with a data breach incident (per day) | Interview | $200,000 | $200,000 | $200,000 |
| Dt | Savings from avoided data breaches | D1*(D2*D3) | $500,000 | $500,000 | $500,000 |
| Risk adjustment | ↓25% | ||||
| Dtr | Savings from avoided data breaches (risk-adjusted) | $375,000 | $375,000 | $375,000 | |
| Three-year total: $1,125,000 | Three-year present value: $932,569 | ||||
Unquantified Benefits
The interviewee mentioned the following additional benefits that the organization experienced but was not able to quantify:
- The accelerated integration of new associates. The interviewee highlighted that the ease of use and intuitiveness of Cynet’s platform helped new associates get started in their new roles easily. The platform’s interface and presentation, particularly its unique radar visualization, were standout features that made it visually appealing and easy to navigate. This, combined with the ability to manage various cybersecurity aspects from a single pane of glass, greatly enhanced the platform’s usability. As a result, new associates could quickly familiarize themselves with the system, learn its functionalities, and start using it effectively with minimal effort.
- Improved work/life balance. The interviewee explained that Cynet’s platinum SOC service provides real-time response and manual intervention when necessary, which offers the peace of mind of knowing that a human element is always monitoring and addressing potential issues. This meant that the internal team did not have to be on constant alert for emergencies, which reduced the stress and workload associated with potential cybersecurity threats, especially with limited resources and expertise.
- Enhanced training and upskilling. Cynet’s platform offers integrated training opportunities, allowing security associates to continuously develop their skills. The interviewee highlighted that the training is comprehensive enough that even administrators without third-party certifications can become effective users of the platform. This capability not only accelerates the onboarding process but also ensures that the team remains up to date on the latest cybersecurity practices and tools. The interviewee also stated that this has had a positive impact on the organization’s recruitment strategy by allowing the team to hire candidates who are a good fit culturally and can be trained, rather than needing to hire only those with the highest skills and certifications. This approach has proven to be both cost-effective and efficient, fostering a culture of continuous learning and adaptability within the organization.
- Operational efficiency. The interviewee also explained that having multiple security solutions running on endpoints resulted in increased resource consumption. Having multiple solutions running simultaneously also led to higher processing power and RAM usage as well as potential conflicts between the agents. With Cynet, the organization was able to streamline operations, reduce the processing load on endpoints, and avoid the intrinsic costs associated with running multiple security solutions. This optimization not only improved system performance but also contributed to a more efficient and cost-effective IT environment.
- A strategic partnership. The interviewee underscored Cynet’s commitment to evolving its platform based on customer feedback, such as developing new integrations; this demonstrated Cynet’s dedication to meeting the organization’s specific needs. This adaptability and responsiveness helped the organization stay ahead of emerging threats and maintain a robust security posture. Overall, the interviewee revealed that its strategic partnership with Cynet has enabled the organization to implement a layered defense strategy, optimize resource allocation, and achieve a higher level of cybersecurity maturity.
Flexibility
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Cynet All-in-One Security and later realize additional uses and business opportunities, including:
- Workload optimization. By freeing up the workload for security associates, Cynet enabled the interviewee’s IT team to focus on higher-value-add tasks. Cynet’s automation capabilities and 24/7 SOC support significantly reduced the time and effort required for routine security monitoring and incident response. This allowed the IT team to focus on strategic initiatives, such as deploying new technologies and improving infrastructure. For instance, the IT security team took over responsibilities for patching and endpoint management, which were previously handled by the infrastructure team. This reallocation allowed the infrastructure team to concentrate on enhancing the overall IT environment.
- Continuous enhancements. The interviewee highlighted how Cynet’s commitment to continuous product expansion has significantly benefited the organization by ensuring that its security measures remain robust and up to date. Cynet’s recent rollout of email phishing protection and the ability to roll back Windows machines to previous states based on snapshots have further enhanced the organization’s security posture. These continuous updates and new features have allowed the organization to consolidate its security tools, reduce its reliance on multiple vendors, and streamline its operations.
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
Quantified cost data
Total Costs
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Etr | Cynet All-in-One Security subscription costs | $0 | $252,000 | $252,000 | $252,000 | $756,000 | $626,687 |
| Ftr | Implementation efforts | $13,739 | $0 | $0 | $0 | $13,739 | $13,739 |
| Total costs (risk-adjusted) | $13,739 | $252,000 | $252,000 | $252,000 | $769,739 | $640,426 | |
Cynet All-in-One Security Subscription Costs
Evidence and data. The main cost component for Cynet’s All-in-One Security solution is the subscription fee. The composite organization leverages the All-in-One Security service to its fullest extent and uses it for identities, cloud, endpoints, network, and mobile.
Modeling and assumptions. Based on interview data and research, Forrester assumes the following:
- Subscription costs remain stable over the three years.
- Cynet’s All-in-One Security service includes identities, cloud, endpoints, network, and mobile.
- Cynet’s platinum SOC service is also included in the license costs.
Risks. This cost may vary based on:
- The extent to which an organization uses the All-in-One Security solution. If modules (e.g., identities, cloud, endpoints, and network) are excluded from the composite setup, the cost may be reduced.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $626,687.
Cynet All-in-One Security Subscription Costs
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|---|
| E1 | Cynet All-in-One Security annual subscription fee | Composite | $240,000 | $240,000 | $240,000 | ||
| Et | Cynet All-in-One Security subscription costs | E1 | $240,000 | $240,000 | $240,000 | ||
| Risk adjustment | ↑5% | ||||||
| Etr | Cynet All-in-One Security subscription costs (risk-adjusted) | $0 | $252,000 | $252,000 | $252,000 | ||
| Three-year total: $756,000 | Three-year present value: $626,687 | ||||||
Implementation Efforts
Evidence and data. Cynet’s All-in-One Security solution required implementation and setup efforts. These involved a pilot phase, which was followed by the rollout to the entire organization. The pilot phase lasted three weeks; the rollout was completed in four. Both these phases involved four associates from the interviewee’s organization supporting Cynet’s team.
Modeling and assumptions. Based on interview data and research, Forrester assumes the following:
- The composite organization dedicates four FTEs to the proof-of-concept pilot and rollout, utilizing 20% of their time.
- The fully burdened hourly rate for a security FTE is $58.
Risks. This cost may vary based on:
- The experience of the resources managing the Cynet All-in-One Security solution.
- The number of resources dedicated to management tasks for the Cynet All-in-One Security solution.
- The fully burdened hourly rate for a security FTE.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $13,739.
Implementation Efforts
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| F1 | Time spent on pilot testing (Hrs) | Interview | 120 | |||
| F2 | Number of FTEs involved in pilot testing | Interview | 4 | |||
| F3 | Percentage of FTE involvement during pilot testing | Interview | 20% | |||
| F4 | Average fully burdened hourly salary of security FTE | Interview | $58 | |||
| F5 | Subtotal: Effort associated with piloting Cynet | F1*F2*F3*F4 | $5,608 | |||
| F6 | Time spent on rollout (Hrs) | Interview | 160 | |||
| F7 | Number of FTEs involved in rollout | Interview | 4 | |||
| F8 | Percentage of FTE involvement during rollout | Interview | 20% | |||
| F9 | Subtotal: Effort associated with rollout of Cynet | F4*F6*F7*F8 | $7,477 | |||
| Ft | Implementation efforts | F5+F9 | $13,085 | |||
| Risk adjustment | ↑5% | |||||
| Ftr | Implementation efforts (risk-adjusted) | $13,739 | $0 | $0 | $0 | |
| Three-year total: $13,739 | Three-year present value: $13,739 | |||||
Consolidated Three-Year Risk-Adjusted Metrics
Cash Flow Chart (Risk-Adjusted)
Total costs Total benefits Cumulative net benefits Initial Year 1 Year 2 Year 3-
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Cash Flow Analysis (Risk-Adjusted Estimates)
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($13,739) | ($252,000) | ($252,000) | ($252,000) | ($769,739) | ($640,426) |
| Total benefits | $0 | $1,330,032 | $1,353,399 | $1,381,439 | $4,064,870 | $3,365,527 |
| Net benefits | ($13,739) | $1,078,032 | $1,101,399 | $1,129,439 | $3,295,131 | $2,725,101 |
| ROI | 426% | |||||
| Payback period (months) | <6 | |||||
Appendix A: Total Economic Impact
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Total Economic Impact Approach
-
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
-
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
-
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
-
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
Appendix B: Endnotes
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
2 Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q4 2020.
PDF 