[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Flare
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Flare, July 2025
Total Economic Impact
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Flare, July 2025
As corporate IT security environments become increasingly complex, threat actors wreak more havoc faster than ever, causing severe financial implications for organizations that are unprepared. With 18% of external attacks carried out using weak or stolen credentials, acting quickly on detected threats is key.1 Threat intelligence tools provide vital data and insights to mitigate exposures of credentials and other assets that may lead to ransomware attacks, data breaches, and security incidents.
Flare is an external threat intelligence solution. It provides threat intelligence by monitoring and unifying data from cybercrime communities across the clear and dark web. In particular, Flare places emphasis on identity threat exposures and gives alerts for leaked credentials, active sessions, stealer logs, and related threats found in these environments.
Flare commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Flare.2 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Flare on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five decision-makers from four organizations with experience using Flare. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization, which is a global technology organization with a security team of 25 and revenue of $10 billion per year.
Interviewees said that prior to using Flare, their organizations used another threat intelligence solution but were dissatisfied with the level of intelligence and service it provided. These limitations led to delays in identity exposures and dark web activity, often detecting threats too late. In addition, the interviewees experienced inefficiencies due to manual efforts, alert fatigue, and high costs.
After the investment in Flare, the interviewees received detailed, transparent, actionable intelligence including malware logs, copies of data, and actual passwords. The quality of this data allowed them to quickly identify and mitigate risks associated with credential exposure.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
A 25% reduction in the likelihood of a severe data breach, reducing the cost of a material breach. The composite organization has a 68% likelihood of experiencing one or more serious data breaches per year in which the organization’s data is potentially compromised, at an average potential cost of $4.4 million. With Flare, the composite reduces by 25% the likelihood of a severe data breach caused by an external attack. For the composite, enabling Flare helps the organization avoid $509,000 in costs associated with a material breach.
A 25% increase in efficiency in labor hours devoted to threat intelligence. The composite reduces the amount of time spent on threat intelligence tasks including dark web research, incident response, internal offensive security operations, threat reporting, threat risk prioritization, and language translation. This allows the security team to reallocate more than 1,300 hours to higher-level activities, resulting in $167,000 of avoided labor costs.
A 31% reduction in license fees by moving from prior solution to Flare with a reduction in internal labor hours for maintenance. The composite organization is able to eliminate the license costs for the prior threat intelligence solution as well as ongoing maintenance labor hours for that solution, saving $240,000 in costs over three years.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Flare team engagement and support. The composite organization values the high level of engagement and dedication demonstrated by the Flare team as they partner to solve threat issues. This partnership enables the composite to expand the size of its team by leaning on the Flare team for support.
Visibility into threat actor and cybercrime ecosystems. By gaining visibility into the attackers’ world, including dark web chats, the composite organization can see how attackers are behaving. This visibility helps the composite stay ahead of potential security issues.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Subscription fees are $208,000. Flare’s license fees are based on the number of identifiers, which are items used to monitor activities related to different resources including domains, names, keywords, IP addresses, bank identification numbers (BIN), and queries (a potential combination of several identifier types).
Integration and training costs total less than $10,000. In addition to fees paid to Flare for the license, the composite incurs internal costs related to the implementation of and training on the solution.
The financial analysis that is based on the interviews found that a composite organization experiences benefits of $916,000 over three years versus costs of $218,000, adding up to a net present value (NPV) of $699,000 and an ROI of 321%.
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
| Role | Industry | Region | Revenue | Security Team Size | Identifiers |
|---|---|---|---|---|---|
| VP of software and cloud | Telecom | Global | $13 billion | 60 | 1,000 |
|
• Senior incident and hunting specialist • Cybersecurity technology advisor |
Consulting | Global | $1 billion | 6 | 4,000 |
| Senior incident response engineer | Electronics | Global | $27 billion | 30 | 5,000 |
| Director of IT | Sports | Canada | Not for profit | 3 | 1,000 |
Before adopting Flare, the interviewees’ organizations used various other threat intelligence solutions but were generally dissatisfied with the level of intelligence and service they provided.
Interviewees noted how their organizations struggled with common challenges, including:
Lack of detailed threat intelligence. Prior solutions cast a wide net and provided general intelligence, but they did not provide depth and detail. This lack of detailed intelligence made it difficult for organizations to act in a timely manner. The senior incident response engineer at the electronics firm said, “We had the top of the iceberg, but we didn’t have what was beneath the surface.”
Prior solution providers were unable to provide the details interviewees needed to act quickly to mitigate the risk. The same senior incident response engineer said, “In our prior environment, we would receive an alert that we potentially had an infected system, but when we asked for more detailed information including malware logs, they told us no.”
Inefficiencies due to manual effort. Interviewees described the significant manual effort required for threat intelligence gathering, dark web monitoring, and incident response. This included manual investigations and correlation of data from multiple siloed tools. The VP of software and cloud at the telecom noted: “We spent a lot of time doing manual threat monitoring and management, including manual searches on the dark web. Our use of multiple unintegrated tools required manual correlation of information, leading to inconsistencies and inefficiencies.”
Alert fatigue. The interviewees’ organizations experienced a high volume of alerts, many of which were false positives. This created alert fatigue and added noise, making it difficult to prioritize and respond to genuine threats. The VP of software and cloud explained, “The sheer volume of alerts generated by threat intelligence feeds led to alert fatigue among our security team, making it difficult to maintain a high level of vigilance.”
High costs. Several interviewees thought their prior solutions were expensive, especially when they failed to deliver detailed, actionable intelligence. Prior vendors’ cost models, particularly those charging by the seat, were perceived as restrictive and not scalable. The cybersecurity technology advisor at the consulting firm said: “We felt that the existing service was getting too expensive for the limited visibility it was giving us. Also, we did not like the seat-based licensing model, because we kept feeling boxed in.”
The interviewees searched for a solution that could provide:
Detailed, actionable intelligence. This included actual passwords, malware logs, copies of data, and what specifically had been exfiltrated from compromised machines. The director of IT at the sports company said, “We wanted intelligence that wasn’t too broad — we needed something we could act on.”
Broad data sources and coverage. Interviewees’ organizations sought the ability to aggregate intelligence from a wide range of sources. The senior incident response engineer at the electronics firm said, “We needed to see what was happening on the dark web forums, [messaging channels], all of it.”
Integration capabilities. The interviewees wanted seamless integration with existing security infrastructure such as security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools to enrich internal alerts. The VP of software and cloud at the telecom said: “We didn’t want another siloed tool. It had to integrate with our existing stack.”
Cost-effectiveness and scalability. The interviewees were not looking for a low-cost solution, but rather a solution that delivered value and flexibility. The senior incident and hunting specialist at the consulting firm said: “The pricing model had to make sense. We didn’t want to be pinned to a seat-based model.”
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite is a globally distributed organization generating $10 billion in annual revenue. It employs 15,000 people worldwide, with 25 FTEs dedicated to security operations and incident response. The composite’s contract with Flare includes 4,000 identifiers.
Deployment characteristics. The composite organization begins using Flare in Year 1, following a one-week implementation period.
$10 billion in revenue
15,000 employees
25 FTEs on security team
4,000 identifiers
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Reduced risk of exposure to breach | $204,705 | $204,705 | $204,705 | $614,114 | $509,071 |
| Btr | Labor efficiencies | $67,129 | $67,129 | $67,129 | $201,388 | $166,940 |
| Ctr | Reduction in costs | $96,688 | $96,688 | $96,688 | $290,063 | $240,448 |
| Total benefits (risk-adjusted) | $368,522 | $368,522 | $368,522 | $1,105,565 | $916,459 |
Evidence and data. Interviewees said the quality of the intelligence Flare produced helped them detect threats and take action before the threats caused financial losses or damaged their organization’s brand. Interviewees described the intelligence Flare provided as:
Actionable. The senior incident and hunting specialist at the consulting firm described how they were able to get ahead of a threat before the credentials were weaponized: “It’s very proactive with Flare. We know when the credential has been taken. We know when they go up for sale. We know when they’ve been sold. What Flare allows us to do is get ahead of it, get it blocked, [and] get it locked down before it’s sold and weaponized.”
The cybersecurity technology advisor at the consulting form described the speed with which they could act before harm was done: “The key use case is the speed that we can react at. If somebody is masquerading as the organization for the purposes of phishing, we can get that phishing domain taken down. It’s actionable.”
Transparent. Compared to prior solutions, interviewees described how Flare doesn’t just tell them a threat is present, it lets them see how they have been compromised. The cybersecurity technology advisor at the consulting firm described the ability to see content in a forum chat used by the threat actors: “This is what we love about Flare. It gives us very specific threat intelligence that we can react to and secure ourselves. Instead of just knowing there’s a threat actor active in our area, we can see the forum chat of the members of that crime gang. It doesn’t just say there’s an attack coming, we can see the tools, tactics, and procedures the actor will use against us.”
The senior incident and hunting specialist at the consulting firm described the value of having access to the malware logs: “We can access the malware logs and see exactly what credentials have been compromised. We can identify potentially active sessions and then close them down.”
Detailed. Interviewees described how compared to prior solutions that provided more generalized threat intelligence, Flare delivers detailed intelligence. The senior incident response engineer at the electronics firm said: “We get fabulous details about leaked credentials. Previously, if we were lucky, we would receive an obfuscated password. Flare allows us to see the actual password being compromised, and because we know the actual password, we can check to see if it is being reused for other accounts.”
Preventative. The VP of software and cloud at the telecom described how his ability to react quickly to threats prevents them from becoming incidents: “We react as soon as credentials appear or a machine has been compromised. Because we react quickly, we prevent the incident before it happens, and that’s the real power of Flare.”
Comprehensive. The senior incident response engineer at the electronics firm described the scope of the intelligence. They said, “Flare gathers threat intelligence from a wide range of sources giving us a complete picture of the threat landscape, including emerging threats and vulnerabilities. “
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization has a 68% likelihood of experiencing one or more serious data breaches per year in which the organization’s data is potentially compromised. For the purpose of this analysis, this is held flat year over year.3
Forrester estimates that 40% of breaches are addressable with Flare. These include external attacks targeting the organization or an employee’s remote work environment, its external ecosystem, and some categories of internal incidents.4
The cumulative cost of data breaches in the prior environment is $4,427,000.5 For the composite, these combined factors yield $1,023,522 of annualized risk exposure addressable with Flare.
Compared to the prior environment, Flare reduces the risk of exposure to breach by 25%.
Risks. Forrester recognizes that these results may not be representative of all experiences. The following factors may impact this benefit:
An organization’s security context, including its security maturity, and the likelihood, number, cost, and severity of exposure-related security incidents in the prior environment.
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $509,000.
Reduction in risk of exposure to breach with Flare compared to prior environment
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Cumulative cost of breaches for the composite | Forrester research | $4,427,000 | $4,427,000 | $4,427,000 | |
| A2 | Likelihood of the composite experiencing one or more breaches | Forrester research | 68% | 68% | 68% | |
| A3 | Percentage of breaches from external attacks targeting the organization, its remote environments and external ecosystem, and certain categories of internal incidents | Forrester research | 85% | 85% | 85% | |
| A4 | Percentage of those attacks addressable with Flare | Composite | 40% | 40% | 40% | |
| A5 | Annual risk exposure addressable with Flare | A1*A2*A3*A4 | $1,023,522 | $1,023,522 | $1,023,522 | |
| A6 | Reduced risk of exposure to breach costs from addressable attacks with Flare | Composite | 25% | 25% | 25% | |
| At | Reduced risk of exposure to breach | A5*A6 | $255,881 | $255,881 | $255,881 | |
| Risk adjustment | ↓20% | |||||
| Atr | Reduced risk of exposure to breach (risk-adjusted) | $204,705 | $204,705 | $204,705 | ||
| Three-year total: $614,114 | Three-year present value: $509,071 | |||||
Evidence and data. Compared to their prior environment, interviewees reported approximately 25% reductions in manual effort with Flare’s threat detection in the following areas:
Dark web research. The senior incident response engineer at the electronics firm noted a significant reduction in the time spent conducting dark web research: “Before, we spent anywhere between 8 and 10 hours a week just trying to figure out where to go on the dark web [to hunt] for identity exposures and ransomware notices. Immediately, we outsourced the dark web research because Flare handles the personas, the research, and breaking into the bad guy networks. We never would have gotten that far without Flare.”
Incident response. The VP of software and cloud at the telecom reported how Flare reduced the time they spent determining the cause of an incident: “Flare has sped up our research into an incident. Rather than spending hours crawling around the dark web, now we just spend a few minutes checking on a hunch, and we can eliminate ideas on how somebody came into possession of something.”
Red/purple teaming. The senior incident response engineer at the electronics firm described how Flare decreased the time spent on internal offensive security operations: “When I flip a switch and go to offensive mode and start trying to attack our own stuff, I will absolutely go to Flare to see which employees might have credentials out there for us to use. Before, it would have taken hours to assemble a solid password-spraying list. Now, it takes minutes.”
Threat reporting. Flare uses AI to generate threat reports from curated data feeds. Interviewees described how these threat flow reports reduced the amount of time to share information on potential threats. The senior incident and hunting specialist at the consulting firm explained: “The AI tool will generate a report from the gathered intelligence that you can refine. The difference is 10 minutes to put out an urgent threat report versus an hour. Previously, our analysts would spend time manually trolling for the information. Flare delivers the information we need in a validated and reputable form that we can do something with very, very quickly.”
He went on to explain how these threat reports reduced the amount of incoming information analysts had to sort through: “What Flare does is curate the threat feed to ensure we get what’s important to us. The AI learns what we’re interested in and what our identifiers are and targets the threat intelligence rather than spray a continual fire hose of information.”
Threat risk prioritization. Flare uses a detailed set of rules to prioritize threats based on their potential impact. The VP of software and cloud at the telecom described how this has reduced the number of false positives and helped them focus on the most critical issues. They shared, “Flare’s automated risk scoring and threat intelligence feeds have reduced the number of false positives by 50%, allowing us to prioritize genuine threats more effectively.”
Language translation. Flare uses AI to translate foreign language communications into English. The cybersecurity technology advisor at the consulting firm described how this saves time. They said, “A lot of communication on cybercrime forums is in Russian, and the AI will automatically translate it into English, which makes it readable and immediately actionable.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Three FTEs on the security team are devoted to managing threat intelligence.
The majority of the FTEs’ work time, 85%, is impacted by Flare.
As a result of using Flare, the security FTEs reduce the time spent on managing threat intelligence by 25%.
The majority of the labor hours saved, 75%, are recaptured and spent on other security tasks.
Risks. Forrester recognizes that these results may not be representative of all experiences. The following factors may impact this benefit:
An organization’s security context, including its security maturity, and the likelihood, number, cost, and severity of exposure-related security incidents in the prior environment.
The number of security FTEs dedicated to managing threat intelligence.
The extent to which an organization adopts AI tools.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $167,000.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | Security FTEs working on threat intelligence | Composite | 3 | 3 | 3 | |
| B2 | Percentage of work time impacted by Flare | Interviews | 85% | 85% | 85% | |
| B3 | Increased efficiency with Flare | Interviews | 25% | 25% | 25% | |
| B4 | Average fully burdened hourly rate for a security resource | Composite | $75 | $75 | $75 | |
| B5 | Productivity recapture | TEI methodology | 75% | 75% | 75% | |
| Bt | Labor efficiencies | (B1*2,080)*B2*B3*B4*B5 | $74,588 | $74,588 | $74,588 | |
| Risk adjustment | ↓10% | |||||
| Btr | Labor efficiencies (risk-adjusted) | $67,129 | $67,129 | $67,129 | ||
| Three-year total: $201,388 | Three-year present value: $166,940 | |||||
Evidence and data. Flare’s functionality exceeded the capabilities of legacy solutions, and as a result, the interviewees said they reduced or eliminated their use of prior tools. The senior incident and hunting specialist at the consulting firm said: “We moved away from our prior solution because it was expensive and didn’t give us the level of detail we needed. And the seat-based pricing made it hard to scale.”
The VP of software and cloud at the telecom said they were able to eliminate some prior tools and decrease the cost of cyber insurance. They said, “We’ve been able to eliminate the use of some legacy tools and point solutions, including reduced dependency on external Managed Security Service Providers (MSSPs), and we lowered cyber insurance premiums.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite’s prior annual threat intelligence licensing fees were $110,000.
The composite’s team spent 50 hours per year managing prior threat intelligence tools.
Risks. Forrester recognizes that these results may not be representative of all experiences. The following factors may impact this benefit:
An organization’s security context, including its security maturity in the prior environment, which will impact the cost of threat intelligence licensing fees.
The type of threat intelligence tool deployed in the prior environment.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $240,400.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | Prior solution’s subscription cost | Interviews | $110,000 | $110,000 | $110,000 | |
| C2 | Ongoing maintenance in prior environment (hours) | Interviews | 50 | 50 | 50 | |
| C3 | Average fully burdened hourly rate for a security resource | B4 | $75 | $75 | $75 | |
| Ct | Reduction in costs | C1+(C2*C3) | $113,750 | $113,750 | $113,750 | |
| Risk adjustment | ↓15% | |||||
| Ctr | Reduction in costs (risk-adjusted) | $96,688 | $96,688 | $96,688 | ||
| Three-year total: $290,063 | Three-year present value: $240,448 | |||||
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Flare team engagement and support. Interviewees praised the level of support they received from the Flare team. The senior incident response engineer at the electronics firm said: “You can tell when you’re working with everybody, from sales to the engineers, that they’re driven by passion. It seems like everybody loves being there, and they just want to make cybercriminals pay.”
Visibility into threat actor and cybercrime ecosystems. Interviewees find value in the view Flare provides into the world of threat actors. The VP of software and cloud at the telecom said: “Flare enables us to have an unparalleled view into the attackers’ world. There’s nobody else that offers that type of view.”
The senior incident response engineer at the electronics firm suggested that he didn’t realize what he was missing previously by not having a view into dark web chats. They said, “One of the biggest things we didn’t even know we were missing was the visibility into dark web chats, including [messaging channels].”
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Flare and later realize additional uses and business opportunities, including:
Amplified impact. The senior incident response manager at the electronics firm described how Flare improved the effectiveness of their team: “Flare has become a force multiplier for us. We don’t have a big team, but with Flare, we’re doing the work of a much larger one.”
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Dtr | Flare subscription fees | $0 | $83,600 | $83,600 | $83,600 | $250,800 | $207,901 |
| Etr | Internal costs for deployment and maintenance | $4,785 | $1,980 | $1,980 | $1,980 | $10,725 | $9,709 |
| Total costs (risk-adjusted) | $4,785 | $85,580 | $85,580 | $85,580 | $261,525 | $217,610 |
Evidence and data. Flare’s license fees are based on the number of identifiers — that is, items used to monitor activities related to different resources including domains, names, keywords, IP addresses, BIN numbers, and queries (a potential combination of several identifier types).
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Subscription fees for the composite organization are $76,000 and are based on 4,000 identifiers.
Pricing may vary. Contact Flare for additional details.
Risks. Forrester recognizes that these results may not be representative of all experiences. The following factors may impact this cost:
The number of identifiers licensed.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $208,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| D1 | Flare subscription fees | Composite | $0 | $76,000 | $76,000 | $76,000 |
| Dt | Flare subscription fees | D1 | $0 | $76,000 | $76,000 | $76,000 |
| Risk adjustment | ↑10% | |||||
| Dtr | Flare subscription fees (risk-adjusted) | $0 | $83,600 | $83,600 | $83,600 | |
| Three-year total: $250,800 | Three-year present value: $207,901 | |||||
Evidence and data. In addition to fees paid to Flare for the license, the interviewees described internal costs related to the implementation of and training on the solution.
Implementation efforts included a security review; setup and configuration to monitor relevant identifiers; and integration with SIEM, SOAR, and other internal systems to enrich alerts and workflows.
The training process included a dedicated session with Flare, followed by a few additional hours of hands-on use to become proficient with the platform.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
One technical FTE is involved in the technical implementation.
Three security team members participate in a total of 6 hours each for training and onboarding.
Following implementation, ongoing maintenance of the solution requires 24 hours per year.
Risks. Forrester recognizes that these results may not be representative of all experiences. The following factors may impact this cost:
Security team members’ prior experience using threat intelligence tools.
The level of integration with other internal systems.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of less than $10,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| E1 | Total time for technical deployment and integrations (hours) | Interviews | 40 | |||
| E2 | Security resources involved in training | Interviews | 3 | |||
| E3 | Training time per security resource (hours) | Interviews | 6 | |||
| E4 | Average fully burdened hourly rate for a security resource | B4 | $75 | |||
| E5 | Subtotal: Deployment and training | (E1+(E2*E3))*E4 | $4,350 | |||
| E6 | Ongoing maintenance time (hours) | Interviews | 0 | 24 | 24 | 24 |
| E7 | Average fully burdened hourly rate for a security resource | B4 | $0 | $75 | $75 | $75 |
| E8 | Subtotal: Product administration | E6*E7 | $0 | $1,800 | $1,800 | $1,800 |
| Et | Internal costs for deployment and maintenance | E5+E8 | $4,350 | $1,800 | $1,800 | $1,800 |
| Risk adjustment | ↑10% | |||||
| Etr | Internal costs for deployment and maintenance (risk-adjusted) | $4,785 | $1,980 | $1,980 | $1,980 | |
| Three-year total: $10,725 | Three-year present value: $9,709 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($4,785) | ($85,580) | ($85,580) | ($85,580) | ($261,525) | ($217,610) |
| Total benefits | $0 | $368,522 | $368,522 | $368,522 | $1,105,565 | $916,459 |
| Net benefits | ($4,785) | $282,942 | $282,942 | $282,942 | $844,040 | $698,849 |
| ROI | 321% | |||||
| Payback | <6 months |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Flare.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Flare can have on an organization.
Interviewed Flare stakeholders and Forrester analysts to gather data relative to Flare.
Interviewed four decision-makers at organizations using Flare to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
1 Source: Forrester’s Security Survey, 2024. Base: 1,240 security decision-makers who experienced an external attack when their company was breached.
2 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
3 Source: Regression analysis of the likelihood of experiencing one or more breaches, using the frequency that organizations experienced breaches in the past 12 months as reported by security decision-makers. The composite organization’s revenue is used as the input to the regression formula. Source: Forrester’s Security Survey, 2024. Question: “How many times do you estimate that your organization’s sensitive data was potentially compromised or breached in the past 12 months?” Base: 2,769 global security decision-makers.
4 Percentage of breaches by primary attack vector, as reported by security decision-makers whose organizations experienced at least one breach in the past 12 months. Source: Forrester’s Security Survey, 2024. Question: “Of the times that your organization’s sensitive data was potentially compromised or breached in the past 12 months, please indicate how many of each fall into the categories below.” Base: 1,542 global security decision-makers who have experienced a breach in the past 12 months.
5 Source: Regression analysis of the reported total cumulative costs of all breaches experienced by security decision-makers’ organizations in the past 12 months. The composite organization’s revenue is used as the input to the regression formula. Source: Forrester’s Security Survey, 2024. Question: “Using your best estimate, what was the total cumulative cost of all breaches experienced by your organization in the past 12 months?” Base: 1,660 global security decision-makers who have experienced a breach in the past 12 months.
Readers should be aware of the following:
This study is commissioned by Flare and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Flare. For any interactive functionality, the intent is for the questions to solicit inputs specific to a prospect's business. Forrester believes that this analysis is representative of what companies may achieve with Flare based on the inputs provided and any assumptions made. Forrester does not endorse Flare or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Flare and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Flare make no warranties of any kind.
Flare reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Flare provided the customer names for the interviews but did not participate in the interviews.
Lori Heckmann
July 2025
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF