The Total Economic Impact™ Of Netcraft Brand Protection

Cost Savings And Business Benefits Enabled By Netcraft

A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY NETCRAFT, APRIL 2025

Maintaining a robust security posture demonstrates an organization’s dedication to protecting their customers and ensuring business resiliency.¹ Brand protection use cases show a proactive commitment to security and safeguarding customer information, which helps earn and retain customer trust. AI is improving efficiency in cybercrime detection, allowing security teams to focus more on prevention and remediation and transforming organizations’ security postures from reactive to proactive.

Netcraft provides a brand protection through a comprehensive suite of cybercrime detection, disruption, and takedown solutions. Their platform operates 24/7, utilizing automation, AI, machine learning and human insights to identify and mitigate threats, such as phishing, fraud, and other cyberattacks. Netcraft detects more than 100 unique threat types, including malicious websites and fraudulent domains, social media profiles, and email campaigns. Once threats are confirmed, their disruption and takedown solution ensures that malicious content is blocked and removed efficiently, typically within hours.

Netcraft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Netcraft Brand Protection.² The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Netcraft on their organizations.

Return on investment (ROI)

323%

Net present value (NPV)

$2.0M

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five representatives with experience using Netcraft. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a global financial services organization with $36 billion in revenue and 120,000 employees.

Interviewees said that prior to using Netcraft, their organizations struggled to scale their cybercrime detection and takedowns across channels, domains, applications, and social media. Being from the financial sector, the interviewees’ organizations were prime targets for cybercriminals due to the sensitive nature of the data they handle and the trust customers place in them. However, prior attempts yielded limited success, leaving them with time-consuming manual processes to analyze, check and contact different actors and have the phishing sites taken down; an inability to scale the detection and takedowns across different platforms or regions; and an inability to do deeper analysis on the types of attacks and trends along with false negatives. These limitations led to inefficiencies, brand impersonation attacks, and fake websites, fake banks, and social media accounts popping up and affecting their brand reputation. This often led to financial losses for their customers and forced them to being more reactive than proactive.

After the investment in Netcraft, the interviewees’ organizations reduced manual tasks by using automated services, allowing them to detect more across 100 different attack types; scale their cybercrime detection to more brands, more executives, more regions and platforms; reduce average takedown times and decrease response times; and demonstrate to regulators and customers that they were proactive in this space. They were also able to do deeper analysis of the attacks and build up their cybercrime detection through the insights, improving their readiness and their customers’ awareness of what to look out for before entering their banking credentials. Key results from the investment include greater visibility into more threats, increased productivity in phishing detection and takedowns, increased efficiencies in social media impersonation detection and takedowns, and productivity savings in deep analysis of attacks.

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

Increased productivity in phishing detection and takedowns. The use of Netcraft’s services increases visibility in detecting fraudulent sites, apps, and social media profiles at scale and increases efficiency in taking them down. The composite organization experiences time savings due to reduced false positives, faster takedown times and streamlined communication with third parties, all while strengthening and scaling their protection footprint. Overall, this leads to recaptured productivity amounting to $1.5 million over three years.
Labor savings in social media impersonation detection and takedowns. The use of Netcraft’s services increases the composite organization’s efficiency in detecting and taking down senior executive impersonations on various social media platforms. The composite organization reduces the amount of staff monitoring social media profiles, reallocating them to more value-added activities or reducing headcounts thanks to Netcraft’s solution. The composite scales its monitoring across different platforms, ensuring comprehensive protection and monitoring more executives simultaneously. Additionally, it completes takedowns faster, reducing reputational damage and improving overall security. Overall, this leads to cost savings of $671,000 over three years.
Productivity savings in deep analysis of attacks. The use of Netcraft’s services increases insights into phishing attacks through detailed analysis. Having access to comprehensive threat reports and Netcraft’s analysis saves the composite organization time in compiling and analyzing data from various internal sources. This deeper analysis provides an increased understanding of potential threats, improved internal awareness, and enhanced client education to better detect fraudulent bank sites. Overall, this leads to recaptured productivity amounting to $487,312 over three years.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

Improved customer experience. Netcraft’s faster detection and takedown capabilities reduce the likelihood of the composite’s customers being impacted by threats, resulting in a more positive customer experience and increased security. This proactive approach can not only enhance customer trust but also can reduce financial losses.
Improved brand reputation. Faster takedowns and fewer phishing incidents enhances the composite organization’s brand reputation and demonstrates a proactive approach to protecting employees and customers, which is vital for financial institutions.
Improved employee experience. Employee satisfaction increases as staff can focus on more strategic tasks rather than routine monitoring and reporting.
Proactivity against phishing attacks. Ongoing adjustments based on Netcraft’s insights helps the composite organization stay ahead of emerging threats, demonstrating a strong commitment to cybersecurity and making it less attractive targets for fraudsters.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

Annual license subscription fees. License fees for the composite organization’s brand protection and automated takedowns for five brands and impersonations against 10 executives total $614,000 over three years.
Implementation and ongoing management costs. The implementation of Netcraft requires little effort over a four-week period. The ongoing management is minimal and, following the initial training, very little time is required for further training annually. The implementation and ongoing management costs for the composite organization amount to $15,000 over three years.

The representative interviews and financial analysis found that a composite organization experiences benefits of $2.7 million over three years versus costs of $629,000, adding up to a net present value (NPV) of $2.0 million and an ROI of 323%.

“Quick detection and response to phishing attacks are crucial for banks. With Netcraft’s automated solution, we can now report and address phishing incidents within minutes, significantly reducing the window of exposure and preventing fraud.”

Fraud operations technician, financial services

“Before [Netcraft], it was a very long task to analyze, check, contact the different actors, and take down the website.”

DIGITAL FRAUD CENTER MANAGER, FINANCIAL SERVICES

Key Statistics

Return on investment (ROI)

323%

Benefits PV

$2.7M

Net present value (NPV)

$2.0M

Payback

<6 months

Benefits (Three-Year)

Increased efficiency in phishing detection and take down Labor savings in social media impersonation detection and take downs Productivity savings in deep analysis of attacks

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Netcraft.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Netcraft can have on an organization.

Due Diligence

Interviewed Netcraft stakeholders and Forrester analysts to gather data relative to Netcraft’s Brand Protection.
Interviews

Interviewed five representatives at organizations using Netcraft to obtain data about costs, benefits, and risks.
Composite Organization

Designed a composite organization based on characteristics of the interviewees’ organizations.
Financial Model Framework

Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Case Study

Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures

Readers should be aware of the following:

This study is commissioned by Netcraft and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Netcraft.

Netcraft reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Netcraft provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Elina Bauwens

Registration Required To Continue

COOKIE ACCEPTANCE IS REQUIRED TO REGISTER FOR ACCESS TO DIGITAL ASSET

Drivers leading to the Netcraft investment

Interviews

Role	Industry	Region	Annual Revenue
Digital fraud center manager	Financial services	Global	$65 billion
Fraud operations technician	Financial services	Global	$32.9 billion
Head of cyber fraud intelligence	Financial services	Global	$11.6 billion
Senior manager, open-source intelligence	Financial services	Global	$17.2 billion
Head of cyber fraud investigation and analysis	Financial services	Global	$54.1 billion

Key Challenges

The interviewees said that prior to using Netcraft for their brand and digital risk protection, their organizations were handling these tasks in-house or with other solutions. However, these processes were often not automated, limited in scope, and lacked transparency, leading to significant challenges and inefficiencies and leaving their banking customers at risk of phishing attacks that resulted in financial losses. Their organizations struggled to scale their cybercrime detection and takedowns across domains, applications, and social media.

The interviewees noted how their organizations struggled with common challenges, including:

Manual processes. Interviewees noted their organizations had to manually analyze, check, and contact different actors to have phishing sites and fraudulent banks taken down. This involved gathering evidence of the cyberattack, identifying the relevant parties providing resources to the attacker, and then contacting hosting providers, domain registrars, webmasters, and others via email, phone, or other means. This process was labor-intensive and inefficient and often included coordinating with various stakeholders to ensure that the fraudulent content was removed. Due to the manual nature of these processes, the interviewees’ organizations were often reactive in their approach to takedowns rather than being proactive, which meant the sites persisted online for longer periods of time.
Limited scale of detections and takedowns. The interviewees’ organizations struggled to scale their cybercrime detection and takedowns across domains, applications, and social media. The manual processes were not only time-consuming but also lacked the ability to handle the volume and complexity of modern cyberthreats. Interviewees noted that without automation, it was difficult to keep up with the sheer number of phishing sites and fraudulent activities. The inability to scale effectively led to fake banks and social media profiles popping up, which impacted brand reputation. These fraudulent entities could operate for longer periods before being detected and taken down, causing more damage and resulting in financial losses for customers. Social media impersonation detection was only done for one or two executive profiles and, in general, interviewees reported that there was minimal tracking of fraudulent activities on social media platforms, further limiting the effectiveness of their efforts.
Time from detection to takedown. The interviewees said their organizations’ manual processes and lack of automation meant that detecting and taking down phishing sites and other malicious content took a considerable amount of time. Many of the interviewees’ organizations did not have established relationships with hosting companies or domain registrars, which were crucial for quickly taking down malicious sites. Without these relationships, the process of getting threats removed was slower and less efficient. Due to the slow detection and takedown times, malicious sites could remain active for longer periods — often multiple days — increasing the potential damage to their organizations and customers. This extended exposure also meant that more users could fall victim to phishing attacks and other cyberthreats, resulting in greater losses for their banking customers.

Solution Requirements/Investment Objectives

The interviewees’ organizations searched for a solution that could:

Fully automate the detecting and taking down of fraudulent sites streamlining processes and reducing manual efforts.
Enhance takedown and response times to quickly address threats and minimize potential damage to their banking customers.
Improve brand reputation by demonstrating proactive measures to regulators and customers, showing they are actively combating phishing sites and impersonators, which was critical for the financial services sector.
Conduct deeper analysis of attacks to gain better insights and be more proactive in cybersecurity and awareness of phishing attacks.

Composite Organization

Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the five interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:

Description of composite. The global financial services organization has revenues of $36 billion and employs 120,000 employees worldwide. The organization operates under multiple strong brands and has global operations and a large customer base of about 25 million customers. Annually it detects and takes down around 4,000 phishing attacks and 1,100 executive impersonations.

Deployment characteristics. The composite organization begins using the solution in Year 1 following a month-long implementation period. They roll out Netcraft’s detection and takedown services across five brands across sites, applications, and socials. They also roll out social media impersonation services for 10 executives globally within the first year.

Key Assumptions

Global financial services organization
$36 billion in revenue
120,000 employees
25 million customers
4,000 phishing attacks annually
1,100 social media impersonation attacks annually

“The median takedown time for social media impersonation accounts is now one day, whereas it was a week [before Netcraft].”

Senior manager, open-source intelligence, financial services

Quantified benefit data as applied to the composite

Total Benefits

Ref.	Benefit	Year 1	Year 2	Year 3	Total	Present Value
Atr	Increased efficiency in phishing detection and takedown	$559,872	$629,856	$629,856	$1,819,584	$1,502,737
Btr	Labor savings in social media impersonation detection and takedowns	$270,000	$270,000	$270,000	$810,000	$671,450
Ctr	Productivity savings in deep analysis of attacks	$195,955	$195,955	$195,955	$587,865	$487,312
	Total benefits (risk-adjusted)	$1,025,827	$1,095,811	$1,095,811	$3,217,450	$2,661,499

Increased Efficiency In Phishing Detection And Takedown

Evidence and data. Interviewees reported increased efficiency and consequent time savings in detecting and taking down fraudulent sites, apps, and social media profiles of their brands.

Interviewees said that they drastically reduced the time spent reviewing thousands of URLs each month due to Netcraft identifying and verifying fraudulent actors across sites, applications, and social media while operating 24/7. Netcraft’s precise detection mechanisms also reduced the number of false positives, saving time and effort that would otherwise be spent on investigating nonmalicious sites.
Interviewees also said Netcraft saved them the time typically spent in communicating via email and phone with third parties, including hosting providers, domain registrars, and webmasters, to take down fraudulent actors. In many cases before Netcraft, there were frequent back-and-forth exchanges to chase the takedown. Netcraft’s strong relationships with these third parties increased the speed of the takedowns. One interviewee noted that in the past, it would take two to three days for a website to be taken down. Now with Netcraft, the average takedown time was 6 to 7 hours, reducing the number of phishing-related incidents reported by customers and their financial losses.
Interviewees who worked with an incumbent provider also experienced time savings through Netcraft’s API and automation by reducing their need to chase their providers for updates on takedowns via email or phone calls. They also highlighted how the centralized management of Netcraft’s services allowed them to have easier oversight and coordination, making it simpler for the banks to monitor and respond to threats more efficiently.
Interviewees noted that using Netcraft enabled them to provide consistent detection and takedowns across various geographies, ensuring uniform security measures and quick response times regardless of location. This was particularly beneficial for those interviewees from multinational financial institutions that needed to maintain a high level of security across all their brands and online platforms.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite spends 60 FTE hours per day reviewing logs; detecting fraudulent sites, apps, and social media profiles of their brands; and coordinating the takedown with hosting providers, domain registrars, webmasters and other via email etc.
The composite experiences an 80% reduction in time in Year 1; this reduction increases to 90% in Years 2 and 3 as the process becomes more established and there is a reduction in false positives.
The average fully burdened annual salary for a security engineer is $150,000, which results in a fully burdened hourly rate of roughly $72.

Risks. The potential risks associated with this benefit are as follows:

The amount of time spent detecting and taking down fraudulent sites can be seasonal and have peaks and valleys throughout the year.
The effectiveness of Netcraft’s services can vary based on geography, hosting provider, domain registrars, webmasters, etc.
The average fully burdened salary of a security engineer can vary by organization and geography

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.5 million.

Up to 90%

Time saved in phishing detection and takedowns

“Netcraft also offered us an API solution, where we could contact them directly without having to send emails. It was much more agile than what we had before.”

Fraud operations technician, financial services

Increased Efficiency In Phishing Detection And Takedown

Ref.	Metric	Source	Year 1	Year 2	Year 3
A1	Time spent on phishing detection and takedown prior to Netcraft	Interviews	14,400	14,400	14,400
A2	Fully burdened hourly rate for a security engineer	TEI standard	$72	$72	$72
A3	Percentage of time saved	Interviews	80%	90%	90%
A4	Productivity recapture rate	TEI standard	75%	75%	75%
At	Increased efficiency in phishing detection and takedown	A1A2A3*A4	$622,080	$699,840	$699,840
	Risk adjustment	↓10%
Atr	Increased efficiency in phishing detection and takedown (risk-adjusted)		$559,872	$629,856	$629,856
Three-year total: $1,819,584		Three-year present value: $1,502,737

Labor Savings In Social Media Impersonation Detection And Takedowns

Evidence and data. Interviewees reported labor savings in the detection and takedown of senior executive impersonations on different social media platforms.

Interviewees noted their organizations could reduce the amount of staff they had monitoring social media profiles and move them to more value-added activities like broader fraud prevention or reduce headcounts thanks to the service Netcraft provided.
The interviewees also said their organizations were able to scale their social media monitoring to different social media platforms, ensuring comprehensive protection across various channels, and monitor more executives simultaneously. One interviewee emphasized the negative impact on customer relationships when they unknowingly negotiated loan rates with a fake CIO of their bank on social media.
Interviewees noticed a decrease in the time it took their organizations to take down fraudulent social media profiles. One interviewee noted that prior to working with Netcraft, their organization took one week to take down a profile; with Netcraft, this time was reduced to one day due to the relationships Netcraft had with social media partners. The faster detection and takedown times reduced the risk of reputational damage, improved the overall security posture of the banks, and prevented fraudulent profiles from causing significant harm to brand and customer trust

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization has 2 FTEs working full time detecting and taking down fraudulent social media profiles of their executives across multiple different social media platforms.
The average fully burdened annual salary for a security engineer is $150,000.

Risks. The potential risks associated with this benefit are as follows:

The volume of senior executive impersonators can fluctuate throughout the year due to the evolving threat landscape. During low-attack periods, less resources might be needed for monitoring and detection.
The effectiveness of Netcraft’s services can vary based on social media platform.
The average fully burdened salary of a security engineer can vary by organization and geography.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $671,000.

“We have a massive volume of fake profiles [of our executives], and it is very important for the reputation of our company to take down these kinds of profiles and say, ‘We are doing something against this threat.’”

Digital fraud center manager, financial services

Labor Savings In Social Media Impersonation Detection And Takedowns

Ref.	Metric	Source	Year 1	Year 2	Year 3
B1	Number of FTEs dedicated to social media impersonation detection and takedowns	Interview	2	2	2
B2	Fully burdened annual salary for a security engineer	TEI standard	$150,000	$150,000	$150,000
Bt	Labor savings in social media impersonation detection and takedowns	B1*B2	$300,000	$300,000	$300,000
	Risk adjustment	↓10%
Btr	Labor savings in social media impersonation detection and takedowns (risk-adjusted)		$270,000	$270,000	$270,000
Three-year total: $810,000		Three-year present value: $671,450

Productivity Savings In Deep Analysis Of Attacks

Evidence and data. Interviewees noted that Netcraft’s solution provided in-depth analysis of attack data, threat trends, takedown times, and phishing kits, giving the interviewees’ organizations deeper insights into how phishing attacks were constructed and delivered.

Interviewees’ noted that having access to the detailed and comprehensive reporting of threats and the Netcraft analysis saved their organizations time in compiling and analyzing data manually from various internal sources.
This deeper analysis provided the interviewees’ organizations with an increased understanding of potential threats, provided transparency, and improved internal awareness and client education to identify possible fake banks.
The ability to access historical data and records of past incidents and takedowns helped the interviewees analyze trends and improve future responses, as well as allowed them to anticipate and prepare for future threats more effectively and take down fake banks before they could impact their customers.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite has 6 FTEs spending 20 hours per week collecting data from different internal sources, analyzing the data, and reporting on it to improve the organization’s security readiness.
The composite experiences a 70% reduction in time saved due to the built-in reporting and analysis functionality.
The average fully burdened annual salary for a security engineer is $150,000, which results in a fully burdened hourly rate of roughly $72.

Risks. The potential risks associated with this benefit are as follows:

The volume of data gathered and analyzed may vary periodically based on the volume of attacks the organization faces at any given time.
The average fully burdened salary of a security engineer can vary by organization and geography.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $487,000.

70%

Time saved on deep analysis of attacks

“Netcraft gave us more visibility with their portal access and better reporting metrics, so the analysts weren’t doing a lot of manual effort when it came to reporting. Netcraft provided us monthly statistics through email that are very visually easy to understand and [easy to] brief the team on.”

Senior manager, open-source intelligence, financial services

Productivity Savings In Deep Analysis Of Attacks

Ref.	Metric	Source	Year 1	Year 2	Year 3
C1	Time spent on deep analysis prior to Netcraft	Interview	960	960	960
C2	Number of FTEs involved in deep analysis	Interview	6	6	6
C3	Fully burdened hourly rate for a security engineer	TEI standard	$72	$72	$72
C4	Percentage of time saved	Interview	70%	70%	70%
C5	Productivity recapture rate	TEI standard	75%	75%	75%
Ct	Productivity savings in deep analysis of attacks	C1C2C3C4C5	$217,728	$217,728	$217,728
	Risk adjustment	↓10%
Ctr	Productivity savings in deep analysis of attacks (risk-adjusted)		$195,955	$195,955	$195,955
Three-year total: $587,866		Three-year present value: $487,312

Unquantified Benefits

Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:

Improved customer experience. Interviewees noted that Netcraft’s faster detection and takedown capabilities meant that phishing sites, fake banks, and other threats were neutralized faster, reducing the likelihood of customers being impacted and thus resulting in a more positive customer experience. These improved defenses also meant customers would feel more secure knowing that their financial data and transactions were actively protected online, enhancing customer trust and reducing potential financial losses.
Improved brand reputation. The interviewees felt that their organizations’ brand reputations increased with the faster takedowns and less customers/employees falling prey to the phishing scams, thus reducing fraud cases. The interviewees felt that, after Netcraft, their organizations were seen by regulators and customers as being more proactive in protecting their employees’ and customers’ sensitive financial information.
Improved employee experience. The interviewees noted that their employees’ satisfaction rose as their staff were able to focus on more strategic and impactful tasks, such as broader fraud prevention, rather than routine monitoring, reporting, and chasing providers for takedown support and updates.
Proactivity against phishing attacks. The ongoing adjustments and improvements the interviewees’ organizations implemented based on the insights received from Netcraft’s analysis helped them stay ahead of emerging threats. The interviewees also felt that their organizations’ use of advanced threat detection and takedown services demonstrated a strong commitment to cybersecurity, enhancing their organizations’ reputations and making them less attractive targets for fraudsters.

“Prior [to Netcraft], there was just a lack of efficiency, effectiveness, and transparency in terms of the steps being taken [by the previous provider] to mitigate risk once we reported an attack other than an acknowledgement that they received a report. After that, we wouldn’t really know if those steps were effective and if the attack is effectively offline.

Senior manager, open-source intelligence, financial services

Flexibility

The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Netcraft Brand Protection and later realize additional uses and business opportunities, including:

Preparedness for new types of attacks. With the insights the interviewees’ organizations gathered from the data Netcraft provides, the interviewees felt they were ahead of the curve and ready to respond to new types of attacks faster. This was particularly important with the financial services industry being a high target for fraudsters that are constantly evolving their phishing attack tactics.
Increased scalability. Interviewees noted that it was easy for them to add on additional services from Netcraft and broaden the scope of their services to include new brands and new geographies, which was helpful for them as many of the financial institutions were actively expanding through mergers and acquisitions.

Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).

“During the POC, we saw that Netcraft had the best time when it came to getting a takedown of a web page.”

Fraud operations technician, financial services

“Before [Netcraft], it could take up to an hour to start with that process [takedown]. Now, practically in 1 minute it is already reported and Netcraft is already in communication with the hosting.”

Fraud operations technician, financial services

Quantified cost data as applied to the composite

Total Costs

Ref.	Cost	Initial	Year 1	Year 2	Year 3	Total	Present Value
Dtr	Annual license subscription fees	$0	$246,750	$246,750	$246,750	$740,250	$613,631
Etr	Implementation and ongoing management costs	$7,524	$3,010	$3,010	$3,010	$16,553	$15,008
	Total costs (risk-adjusted)	$7,524	$249,760	$249,760	$249,760	$756,803	$628,639

Annual License Subscription Fees

Evidence and data. Interviewees noted that Netcraft’s services and license package were tailored to their organizations’ specific needs and the amount of brands and employees that needed protection.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

Detection and takedown services for five brands.
Employee impersonation services for 10 executives.

Risks. This cost may vary among organizations based on the size and services of the Netcraft contract, the organization’s region, the type of organization, and changes over time.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $614,000.

Annual License Subscription Fees

Ref.	Metric	Source		Initial	Year 1	Year 2	Year 3
D1	Annual license fees	Interviews			$235,000	$235,000	$235,000
Dt	Annual license subscription fees	D1		$0	$235,000	$235,000	$235,000
	Risk adjustment	↑5%
Dtr	Annual license subscription fees (risk-adjusted)			$0	$246,750	$246,750	$246,750
Three-year total: $740,250			Three-year present value: $613,631

Implementation And Ongoing Management Costs

Evidence and data. The interviewees found Netcraft’s implementation to be relatively straightforward and collaborative, which allowed their organizations and Netcraft to fine-tune their detection and takedown processes. The setup involved configuring detection rules, integrating APIs, and populating the platform with relevant data, such as verified domains and brand information. Netcraft provided initial training through live sessions and training videos. Some users found the training videos helpful, while others preferred hands-on learning.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

Two people dedicate 2 hours a day for four weeks on implementation.
One FTE spends 3 hours per month on ongoing management.
15 FTE hours are spent on initial training followed by 2 hours annually for further upskilling.

Risks. The cost of implementation, onboarding, and ongoing management will vary with:

The complexity of an organization’s IT landscape and security architecture guidelines.
The industry they operate in.
The number of internal stakeholders involved in implementation, onboarding and ongoing management, the amount of time they commit, and their fully burdened hourly rates.

Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $15,008.

Implementation And Ongoing Management Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
E1	Implementation effort (hours)	Interviews	80
E2	Ongoing management effort (hours)	Interviews		36	36	36
E3	Training effort (hours)	Interviews	15	2	2	2
E4	Fully burdened hourly rate for a security engineer	TEI standard	$72	$72	$72	$72
Et	Implementation and ongoing management costs	(E1+E2+E3)*E4	$6,840	$2,736	$2,736	$2,736
	Risk adjustment	↑10%
Etr	Implementation and ongoing management costs (risk-adjusted)		$7,524	$3,010	$3,010	$3,010
Three-year total: $16,553		Three-year present value: $15,008

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Total costs Total benefits Cumulative net benefits Initial Year 1 Year 2 Year 3

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.

Cash Flow Analysis (Risk-Adjusted Estimates)

	Initial	Year 1	Year 2	Year 3	Total	Present Value
Total costs	($7,524)	($249,760)	($249,760)	($249,760)	($756,803)	($628,639)
Total benefits	$0	$1,025,827	$1,095,811	$1,095,811	$3,217,450	$2,661,499
Net benefits	($7,524)	$776,068	$846,052	$846,052	$2,460,647	$2,032,860
ROI						323%
Payback						<6 months

Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

Total Economic Impact Approach

Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”

PRESENT VALUE (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
NET PRESENT VALUE (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
RETURN ON INVESTMENT (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
DISCOUNT RATE

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
PAYBACK PERIOD

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

Appendix B: Endnotes

¹ Source: The External Threat Intelligence Service Providers Landscape, Q1 2025, Forrester Research, Inc., January 9, 2025.

² Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

ABOUT FORRESTER CONSULTING

Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.

© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.

Cookie Settings

This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.

Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.

Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.

Please see our Privacy Policy for more information.

Executive Summary

Key Findings

Table Of Contents

Key Statistics

323%

$2.7M

$2.0M

<6 months

Benefits (Three-Year)

TEI Framework And Methodology

Due Diligence

Interviews

Composite Organization

Financial Model Framework

Case Study

Disclosures

Registration Required To Continue

The Netcraft Brand Protection Customer Journey

Drivers leading to the Netcraft investment

Interviews

Key Challenges

Solution Requirements/Investment Objectives

Composite Organization

Key Assumptions

Analysis Of Benefits

Quantified benefit data as applied to the composite

Total Benefits

Increased Efficiency In Phishing Detection And Takedown

Increased Efficiency In Phishing Detection And Takedown

Labor Savings In Social Media Impersonation Detection And Takedowns

Labor Savings In Social Media Impersonation Detection And Takedowns

Productivity Savings In Deep Analysis Of Attacks

Productivity Savings In Deep Analysis Of Attacks

Unquantified Benefits

Flexibility

Analysis Of Costs

Quantified cost data as applied to the composite

Total Costs

Annual License Subscription Fees

Annual License Subscription Fees

Implementation And Ongoing Management Costs

Implementation And Ongoing Management Costs

Financial Summary

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Cash Flow Analysis (Risk-Adjusted Estimates)

Appendixes

Appendix A: Total Economic Impact

Total Economic Impact Approach

PRESENT VALUE (PV)

NET PRESENT VALUE (NPV)

RETURN ON INVESTMENT (ROI)

DISCOUNT RATE

PAYBACK PERIOD

Appendix B: Endnotes

ABOUT FORRESTER CONSULTING