A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Dell, AUGUST 2023
Since 2020, the frequency of ransomware attacks has increased threefold, and the severity and sophistication of those attacks is also on the rise. When one hits, it can cripple an organization, and recovery can be time-consuming, costly, and even incomplete. The best insurance policy against an attack is a thorough cyber resilience strategy so you know your backups are valid and can be restored when needed.1,2
Dell’s PowerProtect Cyber Recovery vault allows organizations to create immutable backups and store them in an isolated vault, enabling recovery of critical data and systems after a cyber attack in the event that standard backups are impacted. CyberSense works within the vault to scan backups for corruption or infiltration, providing an additional layer of support for faster, effective data recovery.
Dell commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying PowerProtect Cyber Recovery.3 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of PowerProtect Cyber Recovery on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five representatives with experience using PowerProtect Cyber Recovery. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a regional public sector organization with 1,500 employees, 200,000 constituents, and an annual budget of $500 million.
Prior to using PowerProtect Cyber Recovery, the interviewees’ organizations had traditional recovery and backup systems in place. These systems were often costly, but they still did not inspire confidence they would mitigate the potential downtime and loss from situations such as ransomware attacks. While the organizations kept backups of their data in these systems, the systems were live and online. This made them vulnerable to backup-impacting events such as ransomware attacks that threatened significant losses.
To mitigate these concerns, interviewees looked for a solution that would help guarantee the resilience of their organizations in the face of a ransomware attack. They wanted to be able to access their backup data quickly and confidently, so they looked for a solution that could easily integrate with their existing backup systems and that they could trust. Ultimately, the interviewees chose to deploy PowerProtect Cyber Recovery on-premises. With PowerProtect Cyber Recovery, their organizations experienced faster data recovery and reduced downtime in the face of ransomware attacks. This contributed to a decrease in lost productivity and lost business as a result of attacks.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
The representative interviews and financial analysis found that a composite organization experiences benefits of $463K over three years versus costs of $303K, adding up to a net present value (NPV) of $160K and an ROI of 53%.
Return on investment (ROI):
Benefits PV:
Net present value (NPV):
Payback:
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment PowerProtect Cyber Recovery.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that PowerProtect Cyber Recovery can have on an organization.
Interviewed Dell stakeholders and Forrester analysts to gather data relative to PowerProtect Cyber Recovery.
Interviewed five representatives at organizations using PowerProtect Cyber Recovery to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Readers should be aware of the following:
This study is commissioned by Dell and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in PowerProtect Cyber Recovery.
Dell reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Dell provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Elizabeth Preston
Jonny Cook
Role | Industry | Annual revenue/budget | Number of employees | Number of customers/constituents |
---|---|---|---|---|
Network administrator | Local government | $150 million | 1,000 | 88,000 |
Senior vice president (SVP) of IT | Financial services | $265 million | 750 | 250,000 |
Chief information security officer (CISO) | Local government | $1 billion | 1,800 | 281,000 |
Solutions architect | Public education | $115 million | 1,500 | 10,000 |
IT infrastructure manager | Government agency | N/A | 1,300 | N/A |
Most of the interviewees’ organizations had a traditional recovery system in place before investing in PowerProtect Cyber Recovery. While they backed up their data, the backup systems were often still on a network and therefore vulnerable. With their traditional backup recovery systems, they faced several challenges, including:
The interviewees said their organizations often began to search for a new backup and recovery system when they watched other local businesses or municipalities suffer ransomware attacks. The interviewees knew their organizations could face a similar threat, and they wanted to implement best practices beforehand and take the actions they believed would have helped their counterpart organizations better handle attacks. Interviewees searched for a solution that would:
After evaluating multiple vendors, the interviewees’ organizations chose PowerProtect Cyber Recovery and began deployment.
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the five interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite organization has 1,500 employees and 200,000 constituents with an operating budget of $500 million. Before using PowerProtect Cyber Recovery, the organization had a disaster recovery backup system in place, but it did not have an isolated recovery vault. The composite organization is based on interviews with representatives of public sector organizations and one financial services organization, so benefits are modeled accordingly. However, benefit categories and frameworks are relevant for all industries.
Deployment characteristics. The composite organization deploys PowerProtect Cyber Recovery on-premises. It stores 50 terabytes (TB) of data in the vault, which includes its mission-critical data along with some additional high-value data backups. The organization backs up the data in regular intervals, which minimizes the solution’s period of vulnerability.
Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|
Atr | Recovery labor cost savings | |||||
Btr | Reduced productivity loss | |||||
Ctr | Reduction in lost business | |||||
Dtr | Legacy environment savings | |||||
Total benefits (risk-adjusted) |
Evidence and data. Interviewees reported that with PowerProtect Cyber Recovery, their organizations recovered their data more quickly following ransomware attacks. Their organizations spent less time reimaging data and rebuilding surfaces and tools, and it was easier and faster for them to locate the data they wanted to restore and ensure that it was a recent and safe copy of the data.
Modeling and assumptions. Forrester modeled the impact for the composite organization based on the following assumptions:
Flexibility: Flexibility benefits may be viewed traditionally as future supplemental value enabled by longer-term added investments. But flexibility can also be applied to nearer-term benefits to identify relevant value and opportunities beyond what is financially measured in the benefit table to highlight different use cases, business models, industries, or IT maturities. For instance:
Risks. The expected financial impact is subject to risks and variation based on factors including:
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $62,977.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
A1 | Third-party time spent on data recovery processes (hours) | |||||
A2 | Hourly rate for third-party recovery labor | Composite | ||||
A3 | Internal time spent on recovery by security and infrastructure teams (hours) | |||||
A4 | Fully burdened hourly salary of a security professional | TEI standard | ||||
A5 | Material breaches from ransomware | |||||
A6 | Reduction in time spent on recovery | Interviews | ||||
At | Recovery labor cost savings | (A1*A2+A3*A4)*A 5*A6 | ||||
Risk adjustment | ↓15% | |||||
Atr | Recovery labor cost savings (risk-adjusted) | |||||
Three-year total: | Three-year present value: |
Evidence and data. When an organization experiences a ransomware attack, it often loses access to key systems and files, which disrupts business processes and impedes employees from doing their jobs. For the interviewees’ organizations, restoring data and getting systems back online more quickly with PowerProtect Cyber Recovery reduced disruption to employee productivity associated with attacks.
With PowerProtect Cyber Recovery, the organization’s systems were down for only a few hours, and they were back to business as usual by the end of the day.
Modeling and assumptions. Forrester modeled the impact for the composite organization based on the following assumptions:
Flexibility. Use cases and business models can again be considered for end-user productivity improvements as a result of reduced or avoided ransomware attacks. For example:
Risks. The expected financial impact is subject to risks and variation based on factors including:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $81,808.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
B1 | Employees | |||||
B2 | Business employee productivity time lost due to downtime (hours) | |||||
B3 | Average fully burdened hourly salary of a business employee | TEI standard | ||||
B4 | Material breaches from ransomware | |||||
B5 | Reduction in downtime with Dell PowerProtect Cyber Recovery | Interviews | ||||
B6 | Productivity recapture | TEI standard | ||||
Bt | Reduced productivity loss | B1*B2*B3*B4*B5* B6 | ||||
Risk adjustment | ↓10% | |||||
Btr | Reduced productivity loss (risk-adjusted) | |||||
Three-year total: | Three-year present value: |
Evidence and data. In addition to the time and labor costs organizations incur when responding to an event and lost productivity for employees when systems are down, firms that experience a breach often suffer a loss in revenue due to an inability to provide services or reputational damage that translates to increased customer churn and a need to rebuild brand equity. Organizations that can recover data faster and minimize their downtime experience less business disruption, a smaller impact to sales or service provision, and decreased chances of negative publicity or customer risk that affect their brands’ reputations.
Modeling and assumptions. Forrester modeled the impact for the composite organization based on the following assumptions:
Risks. The expected financial impact is subject to risks and variation based on factors including:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $35,721.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
C1 | Lost business from downtime | |||||
C2 | Material breaches from ransomware | |||||
C3 | Reduction in downtime with Dell PowerProtect Cyber Recovery | Interviews | ||||
Ct | Reduction in lost business | C1*C2*C3 | ||||
Risk adjustment | ↓10% | |||||
Ctr | Reduction in lost business (risk-adjusted) | |||||
Three-year total: | Three-year present value: |
Evidence and data. Alongside labor savings during recovery, interviewees said their organizations were able to reduce capital expenditures related to hardware, maintenance, and off-site storage.
Modeling and assumptions. Forrester modeled the impact for the composite organization based on the following assumptions:
Flexibility. Legacy cost savings are straightforward, but some organizations including those that fit into Forrester’s “modern” or “future-fit” IT maturity categories may want to consider the value of reinvesting cost savings back into operations.8 For example, a government organization may consider how cost savings can enable more services and/or increase public good. Private businesses could look to the value enabled by that reinvestment.
Forrester modeled that the composite organization saves more than $280,000 PV in legacy cost savings. In this study, the business case shows more than $460,000 in total benefits enabled by just over $300,000 in costs (PV over three years). If legacy software and hardware contracts can be ended quickly, the business case could also include a plan to reinvest that $280,000 in legacy cost savings (plus an additional $20,000) for the same total return, while requiring less saved cash for investment. Other organizations may not see legacy cost savings until later, but they can still open new opportunities for investment.
Risks. The expected financial impact is subject to risks and variation based on:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $282,253.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
D1 | Retired hardware savings | |||||
D2 | Time that IT professionals save on backup management and maintenance (hours) | |||||
D3 | Fully burdened hourly salary of an infrastructure professional | TEI Standard | ||||
Dt | Legacy environment savings | D1+D2*D3 | ||||
Risk adjustment | ↓10% | |||||
Dtr | Legacy environment savings (risk-adjusted) | |||||
Three-year total: | Three-year present value: |
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Flexibility represents additional capability that could be turned into future business benefit, providing an organization with the right or the ability to engage in future initiatives but not the obligation to do so. The value of flexibility is unique to each customer. Scenarios in which a customer might implement PowerProtect Cyber Recovery and later realize additional uses and business opportunities include:
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|---|
Etr | Implementation fee, hardware, software, and 3 year support cost | ||||||
Ftr | Internal implementation and ongoing management costs | ||||||
Total costs (risk-adjusted) |
Evidence and data. Interviewees’ organizations signed three- to five-year contracts with Dell that included hardware, software, installation, and implementation support and services from Dell and/or a third-party partner.
Modeling and assumptions. Forrester modeled this cost based on the following:
Risks. The expected financial impact is subject to risks and variation based on factors including:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $183,700.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
E1 | Implementation fee, hardware, software, and 3 year support cost | ||||||
Et | Implementation fee, hardware, software, and 3 year support cost | E1 | |||||
Risk adjustment | ↑10% | ||||||
Etr | Implementation fee, hardware, software, and 3 year support cost (risk-adjusted) | ||||||
Three-year total: | Three-year present value: |
Evidence and data. The interviewees’ organizations incurred the following internal costs related to their investment in PowerProtect Cyber Recovery:
Modeling and assumptions. Forrester modeled this cost based on the following information:
Risks. The expected financial impact is subject to risks and variation based on factors that may increase costs or extend deployment, including:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $119,081.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
F1 | Number of months for implementation | ||||||
F2 | Number of internal resources supporting implementation | ||||||
F3 | Percent of time dedicated | Interviews | |||||
F4 | Number of resources supporting ongoing management | ||||||
F5 | Percent of time dedicated | Interviews | |||||
F6 | Average monthly fully burdened salary | TEI standard | |||||
Ft | Internal implementation and ongoing management costs | ||||||
Risk adjustment | ↑10% | ||||||
Ftr | Internal implementation and ongoing management costs (risk-adjusted) | ||||||
Three-year total: | Three-year present value: |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
---|---|---|---|---|---|---|
Total costs | ||||||
Total benefits | ||||||
Net benefits | ||||||
ROI | ||||||
Payback period (months) |
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
Related Forrester Research
“Assess Your Technology Resilience Maturity,” Forrester Research, Inc., April 17, 2023
“The Best Tech Organizations Are Future Fit,” Forrester Research, Inc., September 28, 2022
1 Source: “The State Of Ransomware Attacks And Defenses,” Forrester Research, Inc., February 2, 2022.
2 Source: “The Forrester Wave: Data Resilience Solution Suites, Q4 2022,” Forrester Research, Inc., December 8, 2022.
3 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s
technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
4 Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q1 2021.
5 Ibid.
6 Ibid.
7 Ibid.
8 Source: “Future Fit Technology Strategies Require A New Approach To Making Investment Decisions,” Forrester Research, Inc., March 28, 2023.
Cookie Preferences
Accept Cookies
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.
Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.
Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.
Please see our
Privacy Policy for more information.