A Forrester Total Economic Impact™ Study Commissioned By Microsoft, December 2023
Switch between the study data and your organization’s custom data below. Answering the questions on the Custom Data tab will allow you to customize the analysis and estimate the potential impact of using Microsoft Sentinel at your organization.
To read Forrester's full analysis and customize the findings to your organization, please register below.
To read Forrester's full analysis and customize the findings to your organization, please register below.
The evolving landscape of cybersecurity threats and the increasing sophistication of malicious actors have created a pressing need for organizations to enhance their threat detection and response capabilities. Organizations need to efficiently collect, correlate, and analyze security data from various sources to identify and mitigate security incidents, which safeguards their digital assets and maintains operational continuity.
Microsoft Sentinel is an intelligent, comprehensive security information and event management (SIEM) solution for proactive threat detection, investigation, and response. As a cloud-based solution, Microsoft Sentinel enables organizations to eliminate extraneous security infrastructure and operational costs while scaling to meet organizational demands.
Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Microsoft Sentinel.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Microsoft Sentinel on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Microsoft Sentinel. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization.
Prior to using Microsoft Sentinel, these interviewees noted how their organizations relied on legacy on-premises SIEM solutions. The prior solutions were expensive, required specialized staff, and failed to meet evolving security and compliance needs.
After the investment in Microsoft Sentinel, the interviewees saw a reduced total cost of ownership (TCO), strengthened their security profile, and recognized productivity improvements for security and support teams for their organizations.
Return on investment (ROI)
234%234%
Net present value (NPV)
$7.9M$7.9M
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
For , discontinuing the legacy SIEM solution might total over three years.
For , increases in efficiency from the reduction of false positives and reduction of labor effort for advanced, multitouch investigations might total over three years.
For , reductions in management efforts that result in the redeployment of infrastructure services professionals and legacy SIEM specialists might total over three years.
For , reductions in time to configure and new connection deployments might total over three years.
For , reduced likelihood of a data breach might total over three years.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
For , flexible, consumption-based pricing might total over three years.
For , deployment costs that include a deployment team and professional services might total over three years.
For , training costs for existing staff and new hires might total over three years.
The representative interviews and financial analysis found that a composite organization experiences benefits of $11.2 million over three years versus costs of $3.4 million, adding up to a net present value (NPV) of $7.9 million and an ROI of 234%.
might experience benefits of over three years versus costs of , adding up to an NPV of and an ROI of 0%.
TCO reduction
44%44%
“Every analyst says that Microsoft Sentinel is really intuitive and much easier to navigate around the screen and to do deep dives into the telemetry behind the alert. My personal view from anecdotal experience talking to my analysts is that they all find Microsoft Sentinel much easier to get to grips with and much easier to use on a day-to-day basis.”
Head of SOC, government
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Microsoft Sentinel.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Microsoft Sentinel can have on an organization.
Interviewed Microsoft stakeholders and Forrester analysts to gather data relative to Microsoft Sentinel.
Interviewed four representatives at organizations using Microsoft Sentinel to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Readers should be aware of the following:
This study is commissioned by Microsoft and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Microsoft Sentinel.
Microsoft reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Microsoft provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Sam Conway
Matt Dunham
Role | Industry | Region | Revenue | Daily Ingest |
---|---|---|---|---|
CISCO | Financial services | US | $6.5 billion | 13 TB |
Head of SOC | Government | UK | N/A | 365 GB |
IT director | Healthcare | US | $50 million | 120 GB |
CISO | Healthcare | US | $1.5 billion | 500 GB |
Prior to their investment in Microsoft Sentinel, the interviewees’ organizations relied on legacy on-premises SIEM solutions. The interviewees noted how their organizations struggled with common challenges, including:
“The reason we have Microsoft Sentinel is because of its proactive predictive abilities. It is able to respond to threats faster than a human can. We actually were able to stop significant threats that hit other organizations and keep our organization running. Microsoft Sentinel was one of the tools in our Microsoft tool bag that really kept us running as an organization. It kept our operations running.”
CISO, healthcare
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite organization is based in the United States with global operations. The composite organization operates in a highly regulated industry with billions of dollars in annual revenue and 10,000 employees. The organization’s SOC team is comprised of 15 full-time employees, while six people make up its infrastructure and SIEM maintenance team. As a large organization, it ingests around 500 GB of data each day in Year 1, scaling to 1 TB per day in Year 2 and 1.5 TB per day in Year 3
Deployment characteristics. The composite organization starts with a proof of concept (POC) to test Microsoft Sentinel against its legacy solution. After a successful trial, the organization begins deployment with a team of eight FTEs who spend four months of their time working with the help of contracted professional services to get Microsoft Sentinel up and running. The organization has a team of two FTEs dedicated to annual enhancements and adds 40 new connections each year. As part of a highly regulated industry, the organization retains logs for 12 months.
For : 0 employees Ingests 0 GB per day in Year 1
Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|
Atr | Cost savings from legacy SIEM for licensing, storage, and infrastructure | $1,320,025$1,320,025 | $2,117,550 $2,117,550 | $2,915,075 $2,915,075 | $6,352,650 $6,352,650 | $5,140,203 $5,140,203 |
Btr | SOC team efficiency gains | $506,107 $506,107 | $614,510 $614,510 | $727,772 $727,772 | $1,848,389 $1,848,389 | $1,514,742 $1,514,742 |
Ctr | Management efficiencies | $457,083 $457,083 | $457,083 $457,083 | $457,083 $457,083 | $1,371,249 $1,371,249 | $1,136,698 $1,136,698 |
Dtr | Reduced time to deploy and configure with Microsoft Sentinel | $248,608 $248,608 | $248,608 $248,608 | $248,608 $248,608 | $745,823 $745,823 | $618,251 $618,251 |
Etr | Avoided and reduced impacts of security breach | $1,060,416 $1,060,416 | $1,136,298 $1,136,298 | $1,218,318 $1,218,318 | $3,415,032 $3,415,032 | $2,818,444 $2,818,444 |
Total benefits (risk-adjusted) | $3,592,238 $3,592,238 | $4,574,049 $4,574,049 | $5,566,856 $5,566,856 | $13,733,143 $13,733,143 | $11,228,338 $11,228,338 | |
Evidence and data. The interviewees’ organizations eliminated their legacy SIEM solutions, which reduced licensing costs for log ingestion and storage. Furthermore, moving to a cloud-based system meant the organizations no longer needed to store their log data on-premises and invest in costly infrastructure.
Modeling and assumptions. For the composite organization, Forrester assumes:
ingests security logs at a rate of 0 GB per day in Year 1. This scales to 0 GB per day in Year 2 and 0 GB per day in Year 3.
Risks. Organizations may experience results that differ from those presented in the financial model due to:
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $5.1 million.
For , this benefit might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
A1 | Logs ingested daily in GB | CompositeComposite | 500 500 | 1,000 1,000 | 1,5001,500 | |
A2 | Log ingestion costs in the legacy solution | Composite | $401,500 $401,500 | $803,000 $803,000 | $1,204,500 $1,204,500 | |
A3 | Storage costs in the legacy solution | Composite | $438,000 $438,000 | $876,000 $876,000 | $1,314,000 $1,314,000 | |
A4 | Subtotal: Avoided legacy SIEM vendor costs | A2+A3 | $839,500 $839,500 | $1,679,000 $1,679,000 | $2,518,500 $2,518,500 | |
A5 | Avoided hardware costs for on-premises infrastructure and storage related to legacy SIEM | CompositeComposite | $500,000 $500,000 | $500,000 $500,000 | $500,000 $500,000 | |
A6 | Avoided operating expenses for on-premises infrastructure (HVAC, power, etc.) | A5*10% | $50,000 $50,000 | $50,000 $50,000 | $50,000 $50,000 | |
A7 | Subtotal: Avoided hardware and operation costs for on-premises infrastructure | A5+A6 | $550,000 $550,000 | $550,000 $550,000 | $550,000 $550,000 | |
At | Cost savings from legacy SIEM for licensing, storage, and infrastructure | A4+A7 | $1,389,500 $1,389,500 | $2,229,000 $2,229,000 | $3,068,500 $3,068,500 | |
Risk adjustment | ↓5% | |||||
Atr | Cost savings from legacy SIEM for licensing, storage, and infrastructure (risk-adjusted) | $1,320,025 $1,320,025 | $2,117,550 $2,117,550 | $2,915,075 $2,915,075 | ||
Three-year total: $6,352,650 $6,352,650 | Three-year present value: $5,140,203 $5,140,203 |
Evidence and data. Microsoft Sentinel’s AI-powered correlation engine and user behavior analytics gave SOC analysts at the interviewees’ organizations a prioritized view of the organization. It elevated high-priority threats and reduced false positives. Automation then enabled the SOC team to respond to these alerts rapidly with built-in orchestration of common tasks. As a result, interviewees noted a significant reduction in MTTR, with some seeing up to a 97% improvement.
Modeling and assumptions. For the composite organization, Forrester assumes:
has a SOC team of 0 full-time employees.
Risks Organizations may experience results that differ than those presented in the financial model due to:
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV of $1.5 million.
For , this benefit might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
B1 | SOC team (FTE) | CompositeComposite | 1515 | 1717 | 1919 | |
B2 | Time spent investigating false positives with the legacy solution | Composite | 25%25% | 25%25% | 25%25% | |
B3 | Reduced false positives with Microsoft Sentinel | Composite | 60%60% | 69%69% | 79%79% | |
B4 | Average fully burdened salary of an SOC analyst | $94,500*1.35$94,500*1.35 | $94,500 $94,500 | $94,500 $94,500 | $94,500 $94,500 | |
B5 | Subtotal: Analyst efficiency from fewer false positives | B1*B2*B3*B4 | $212,625 $212,625 | $277,121 $277,121 | $356,182 $356,182 | |
B6 | SOC analyst time dedicated to advanced/multitouch investigations with the legacy solution | Composite | 25%25% | 25%25% | 25%25% | |
B7 | Reduced labor effort for advanced/multitouch investigations - better correlations, searchability, dashboard info etc. | Composite | 85%85% | 85%85% | 85%85% | |
B8 | Subtotal: Analyst efficiency related to faster MTTR | B1*B4*B6*B7 | $301,219 $301,219 | $341,381 $341,381 | $381,544 $381,544 | |
B9 | New analyst hires | B1*15% | 22 | 33 | 33 | |
B10 | Reduced average salary for SOC analysts with Microsoft Sentinel | Composite | 10%10% | 10%10% | 10%10% | |
B11 | Subtotal: SOC analyst salary savings | B9*B4*B10 | $18,900 $18,900 | $28,350 $28,350 | $28,350 $28,350 | |
Bt | SOC team efficiency gains | B5+B8+B10 | $532,744 $532,744 | $646,853 $646,853 | $766,076 $766,076 | |
Risk adjustment | ↓5% | |||||
Btr | SOC team efficiency gains (risk-adjusted) | $506,107 $506,107 | $614,510 $614,510 | $727,772 $727,772 | ||
Three-year total: $1,848,389 $1,848,389 | Three-year present value: $1,514,742 $1,514,742 |
Evidence and data. Microsoft Sentinel’s cloud-based SIEM reduced the size and complexity of the on-premises infrastructure for the interviewees’ organizations, which eliminated both planning and maintenance efforts associated with the legacy SIEM deployment. Interviewees highlighted that management teams spent less time on maintenance and spent more time adding value to the business.
Modeling and assumptions. For the composite organization, Forrester assumes:
has a team of 0 full-time employees responsible for managing and maintaining the on-premises SIEM infrastructure.
Risks. Organizations may experience results that differ than those presented in the financial model due to:
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV of $1.1 million.
For , this benefit might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
C1 | FTE on infrastructure and SIEM management team | CompositeComposite | 66 | 66 | 66 | |
C2 | Reallocated infrastructure services professionals from no longer doing on-prem maintenance | Composite | 50%50% | 50%50% | 50%50% | |
C3 | Reallocated legacy solution specialist | Composite | 16%16% | 16%16% | 16%16% | |
C4 | Average salary on the management team | $90,000*1.35$90,000*1.35 | $121,500 $121,500 | $121,500 $121,500 | $121,500 $121,500 | |
Ct | Management efficiencies | ((C1*C2)+(C1*C3 ))*C4 | $481,140 $481,140 | $481,140 $481,140 | $481,140 $481,140 | |
Risk adjustment | ↓5% | |||||
Ctr | Management efficiencies (risk-adjusted) | $457,083 $457,083 | $457,083 $457,083 | $457,083 $457,083 | ||
Three-year total: $1,371,249 $1,371,249 | Three-year present value: $1,136,698 $1,136,698 |
“When Microsoft Sentinel came out through Microsoft, we took a look at it. It had absolutely everything that we needed, and I have a very proactive predictive strategy within my environment where I hate being reactive. … If we wait until we have something happen, we’ve already lost. Microsoft Sentinel has given us that ability.”
CISO, healthcare
Evidence and data. Microsoft Sentinel’s prebuilt playbooks, queries, automation, and other SIEM tools gave the interviewees’ organizations a head start in deployment and fine-tuning. Simplified data connections and integrations with many non-Microsoft systems reduced the time and effort involved with ingesting new data sources and allowed the organizations to cover more of their networks faster and with predictable monthly costs.
Modeling and assumptions. For the composite organization, Forrester assumes:
Risks. Organizations may experience results that differ than those presented in the financial model due to:
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV of $618,000.
For , this benefit might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
D1 | New connectors/integrations per year | CompositeComposite | 4040 | 4040 | 4040 | |
D2 | Hours to develop and deploy new connectors on legacy solution | Composite | 120120 | 120120 | 120120 | |
D3 | Hours to set up connector on Microsoft Sentinel | Composite | 88 | 88 | 88 | |
D4 | Time savings for configuration and deployment of integrations/connectors | D1*(D2-D3) | 4,4804,480 | 4,4804,480 | 4,4804,480 | |
D5 | Average salary of the management team | C5 | $121,500 $121,500 | $121,500 $121,500 | $121,500 $121,500 | |
Dt | Reduced time to deploy and configure with Microsoft Sentinel | D4*(D5/2080) | $261,692 $261,692 | $261,692 $261,692 | $261,692 $261,692 | |
Risk adjustment | ↓5% | |||||
Dtr | Reduced time to deploy and configure with Microsoft Sentinel (risk-adjusted) | $248,608 $248,608 | $248,608 $248,608 | $248,608 $248,608 | ||
Three-year total: $745,823 $745,823 | Three-year present value: $618,251 $618,251 |
Evidence and data. Microsoft Sentinel provided interviewees’ organizations with improved network coverage and visibility through easy connections to more data sources, free ingestion for some Microsoft logs, and flexible and predictable monthly pricing. This gave the organizations a better understanding of their risk profile and allowed them to prevent incidents. Microsoft Sentinel enabled organizations to adopt a proactive security strategy, and its robust capabilities allowed analysts to react faster and limit the costs of a successful attack. Interviewees noted that with Microsoft Sentinel they felt more secure and better prepared to defend against attacks than with their legacy solutions.
Modeling and assumptions. For the composite organization, Forrester assumes:
Risks. Organizations may experience results that differ than those presented in the financial model due to:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV of $2.8 million.
For , this benefit might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
E1 | Estimated cost of single security breach, excluding productivity | Forrester research, CompositeForrester research, Composite | 3.2$620,000 | 3.2$651,000 | 3.2$683,550 | |
E2 | Estimated annual security breaches | Forrester research | 3.23.2 | 3.23.2 | 3.23.2 | |
E3 | Reduced likelihood of a breach due to improved visibility, threat hunting capabilities, and response times | Interviews | 35%35% | 35%35% | 35%35% | |
E4 | Subtotal: Value of avoided breaches due to Microsoft Sentinel | E1*E2*E3 | $694,400 $694,400 | $729,120 $729,120 | $765,576 $765,576 | |
E5 | Number of internal employees | Composite, 5% growth YoY | 10,00010,000 | 10,50010,500 | 11,02511,025 | |
E6 | Average hourly salary for business users | Benchmarks, 5% growth YoY | $48 $48 | $50 $50 | $53 $53 | |
E7 | Diminished/lost user productivity during breach (hours) | Forrester survey | 3.63.6 | 3.63.6 | 3.63.6 | |
E8 | Percentage of employees impacted per breach | Composite | 25%25% | 25%25% | 25%25% | |
E9 | Avoided lost internal productivity due to Sentinel reducing risk | (E2*E3)*(E5*E6*E7*E8) | $483,840 $483,840 | $533,434 $533,434 | $588,111 $588,111 | |
Et | Avoided and reduced impacts of security breach | $1,178,240 $1,178,240 | $1,262,554 $1,262,554 | $1,353,687 $1,353,687 | ||
Risk adjustment | ↓10% | |||||
Etr | Avoided and reduced impacts of security breach (risk-adjusted) | $1,060,416 $1,060,416 | $1,136,298 $1,136,298 | $1,218,318 $1,218,318 | ||
Three-year total: $3,415,032 $3,415,032 | Three-year present value: $2,818,444 $2,818,444 |
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Microsoft Sentinel and later realize additional uses and business opportunities, including:
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|---|
Ftr | Microsoft Sentinel costs | $0$0 | $607,257$607,257 | $1,196,874$1,196,874 | $1,795,311$1,795,311 | $3,599,442$3,599,442 | $2,890,048$2,890,048 |
Gtr | Deployment costs | $392,700 $392,700 | $12,758 $12,758 | $12,758 $12,758 | $12,758 $12,758 | $430,973 $430,973 | $424,426 $424,426 |
Htr | Training costs | $31,500 $31,500 | $4,200 $4,200 | $6,300 $6,300 | $6,300 $6,300 | $48,300 $48,300 | $45,258 $45,258 |
Total costs (risk-adjusted) | $0 $0 | $607,257 $607,257 | $1,196,874 $1,196,874 | $1,795,311 $1,795,311 | $3,599,442 $3,599,442 | $2,890,048 $2,890,048 | |
Evidence and data. With Microsoft Sentinel, interviewees’ organizations had predictable monthly costs and flexible pricing options, and they no longer needed to deal with capacity restrictions and scaling challenges. Organizations could leverage Microsoft’s flexible pricing to minimize monthly costs. Additionally, with no on-premises hardware or locked-in contracts, they could shift SIEM costs from capex to opex.
Modeling and assumptions. Organizations may experience results that differ from those presented in the financial model due to:
ingests security logs at a rate of 0 GB per day in Year 1. This scales to 0 GB per day in Year 2 and 0 GB per day in Year 3.
Risks. The third section details the potential risks that can impact the cost. These can be both qualitative and quantitative. State the risks in bullet form. Refer to Best Practices.
Results. To account for these risks, Forrester adjusted this cost upward by 0%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.9 million.
For , this cost might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
---|---|---|---|---|---|---|
F1 | Daily logs ingested in GB | A1 | 0 | 500 500 | 1,0001,000 | 1,5001,500 |
F2 | Microsoft Sentinel costs | Composite | 0 | $607,257 $607,257 | $1,196,874 $1,196,874 | $1,795,311 $1,795,311 |
F3 | Cost to ingest Microsoft logs (Azure activities, Office 365, Microsoft security alerts, etc.) | Composite | 0 | $0 $0 | $0 $0 | $0 $0 |
Ft | Microsoft Sentinel costs | F2 | $0 $0 | $607,257 $607,257 | $1,196,874 $1,196,874 | $1,795,311 $1,795,311 |
Risk adjustment | 0% | |||||
Ftr | Microsoft Sentinel costs (risk-adjusted) | $0 $0 | $607,257 $607,257 | $1,196,874 $1,196,874 | $1,795,311 $1,795,311 | |
Three-year total: $3,599,442 $3,599,442 | Three-year present value: $2,890,048 $2,890,048 |
Evidence and data. Deploying Microsoft Sentinel was faster and easier for the interviewees’ organizations than deploying their legacy SIEM solutions. With Microsoft Sentinel’s prebuilt playbook, queries, data connections, and free ingestion for some Microsoft logs (Office 365 audit logs, Azure activity logs, and alerts from Microsoft Threat Protection solutions), organizations could start using Microsoft Sentinel with minimal effort for free and scale up from there.
Modeling and assumptions. This section explains how the modeling is done.
Risks. Organizations may experience results that differ from those presented in the financial model due to:
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV of $424,000.
For , this cost might have a three-year, risk-adjusted PV of .
“It took us about five years to get to be a six terabyte on-prem customer [with our previous solution]. It took us two months to set up Microsoft Sentinel and another two months to be at data-ingestion parity. It was insane."
CISO, financial services
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
---|---|---|---|---|---|---|
G1 | Professional services | Composite | $50,000$50,000 | 0 | 0 | 0 |
G2 | FTEs on the deployment team | Composite | 88 | 0 | 0 | 0 |
G3 | Months to deploy | Composite | 44 | 0 | 0 | 0 |
G4 | FTEs on the enhancement team | Composite | 0 | 2.02.0 | 2.02.0 | 2.02.0 |
G5 | Time spent on new data connections and enhancements | Composite | 0 | 5%5% | 5%5% | 5%5% |
G6 | Management team fully burdened salary | C5 | $121,500 $121,500 | $121,500 $121,500 | $121,500 $121,500 | $121,500 $121,500 |
Gt | Deployment costs | G1+(G2*G6/12*G3)+(G4*G5*G6) | $374,000 $374,000 | $12,150 $12,150 | $12,150 $12,150 | $12,150 $12,150 |
Risk adjustment | ↑5% | |||||
Gtr | Deployment costs (risk-adjusted) | $392,700 $392,700 | $12,758 $12,758 | $12,758 $12,758 | $12,758 $12,758 | |
Three-year total: $430,973 $430,973 | Three-year present value: $424,426 $424,426 |
Evidence and data. Interviewees highlighted that Microsoft Sentinel was more intuitive and easier to train staff on than prior solutions. Their organizations devoted limited resources in onboarding existing staff and new hires, with the total investment being less than that for older on-premises solutions.
Modeling and assumptions. For the composite organization, Forrester assumes:
Risks. Organizations may experience results that differ from those presented in the financial model due to the size of their team and existing skills.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV of $45,000.
For , this cost might have a three-year, risk-adjusted PV of .
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
---|---|---|---|---|---|---|
H1 | Initial staff trained | B1 | 15 | 0 | 0 | 0 |
H2 | New hires trained | B9 | 0 | 22 | 33 | 33 |
H3 | Training cost per person | $2,000 $2,000 | $2,000 $2,000 | $2,000 $2,000 | $2,000 $2,000 | |
Ht | Training costs | (H1+H2)*H3 | $30,000 $30,000 | $4,000 $4,000 | $6,000 $6,000 | $6,000 $6,000 |
Risk adjustment | ↑5% | |||||
Htr | Training costs (risk-adjusted) | $31,500 $31,500 | $4,200 $4,200 | $6,300 $6,300 | $6,300 $6,300 | |
Three-year total: $48,300 $48,300 | Three-year present value: $45,258 $45,258 |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
---|---|---|---|---|---|---|
Total costs | $424,200$424,200 | $624,215$624,215 | $1,215,932$1,215,932 | $1,814,369 $1,814,369 | $4,078,715 $4,078,715 | $3,359,732 $3,359,732 |
Total benefits | $0 $0 | $3,592,238 $3,592,238 | $4,574,049 $4,574,049 | $5,566,856 $5,566,856 | $13,733,143 $13,733,143 | $11,228,338 $11,228,338 |
Net benefits | ($424,200)($424,200) | $2,968,024 $2,968,024 | $3,358,117 $3,358,117 | $3,752,487 $3,752,487 | $9,654,428 $9,654,428 | $7,868,606 $7,868,606 |
ROI | 234%234% | |||||
Payback (months) | <6<6 | |||||
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
2 Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q1 2021.
3 Source: Ibid
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
Cookie Preferences
Accept Cookies
Decline
Close
This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.
Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.
Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.
Please see our
Privacy Policy for more information.