Making the Financial Case for Outsourcing Endpoint Protection
A Guide to Calculating Endpoint Risk and Operational Savings

Date post: 19-Jul-2020

Table of Contents

Executive Summary
Calculation Inputs
Financial Risk
Probability of One or More Incidents (12-Month Period)
Probability of the Incident Resulting in Data Disclosure
Probability of an Incident Resulting in Data Disclosure, Per Number of Locations
Impact
Incurred Yearly Risk
Global Average
Finance Industry
Insurance Industry
Healthcare Industry
Legal Industry
Manufacturing Industry
Retail Industry
Technology Industry
Operational Savings
Cost of Inefficiencies: False Positives
Cost of Inefficiencies: True Positives
Personnel, Tools and Maintenance
Putting It All Together
Sample Calculation
Conclusion
References

Executive Summary

Reaching $18.4 billion by 2024, the endpoint security market will continue to expand at a compound annual growth rate (CAGR) of 7.6 percent.[1] This growth parallels the proliferation of endpoints across mobile, bring your own device (BYOD), remote workers and virtual instances. Though endpoint security currently constitutes 24 percent of overall security spend,[2] threats continue to outpace the capability of in-house cybersecurity functions to cost-effectively mitigate risk.

In the latest Ponemon State of Endpoint Risk Study, 64 percent of survey respondents indicated their organizations suffered a data asset and/or IT infrastructure compromise in 2018; this number reflected an increase over the previous year (54 percent).[3]

Of those breached, 57 percent reported significant disruption to business operations with the loss of more than 1,000 records containing sensitive or confidential information.[4]

While endpoint risk is undeniable and investment is justified, making the business case for why outsourcing endpoint protection delivers positive returns by improving operational efficiency and minimizing risk is difficult without contextual quantification.

In this guide, we show how to calculate savings in the context of your organization’s risk, while accounting for size and industry. After reading, you will be armed with the information needed to demonstrate to your leadership and budget authorities the value of outsourcing endpoint protection.

Calculation Inputs

In the following sections we examine the inputs of our justification calculation:

• Financial risk
  - Probability of one or more incidents
  - Probability of the incident resulting in data disclosure
  - Financial risk of data disclosure (incident conversion to disclosure)
  - Financial risk per incident
  - Industry breakout and details
• Operational savings
  - Alerts, triage and investigation costs
  - False positives
  - True positives
  - Security Operations Center (SOC) Team/Security Team Operational Costs

Financial Risk

Probability of One or More Incidents (12-Month Period)

To calculate risk, you must assess the probability of an endpoint incident occurring. Unfortunately, that probability is dependent upon a multitude of factors which require statistically significant data reflective of your unique situation.

The most accurate way to inform predictions about risk in the messiness of the real world is to study risk in the real world. Using observational data from our SOCs, eSentire calculated the mean probability that an organization had at least one incident involving a bypass of existing endpoint security controls, in a 12-month period, with industry and the number of locations being protected serving as parameters (Table 1).

| Number of Locations | Global Average | Finance | Healthcare | Insurance | Legal | Manufacturing | Retail | Technology |
|---|---|---|---|---|---|---|---|---|
| 1 | 23% | 20% | 34% | 23% | 34% | 38% | 60% | 27% |
| 2 | 40% | 37% | 57% | 41% | 57% | 61% | 84% | 46% |
| 3 | 54% | 50% | 71% | 55% | 72% | 76% | 94% | 61% |
| 4 | 64% | 60% | 81% | 65% | 82% | 85% | 97% | 71% |
| 5 | 72% | 68% | 88% | 73% | 88% | 90% | 99% | 79% |
| 6 | 79% | 75% | 92% | 80% | 92% | 94% | 99% | 85% |
| 7 | 84% | 80% | 95% | 84% | 95% | 96% | 99% | 89% |
| 8 | 87% | 84% | 96% | 88% | 97% | 98% | 99% | 92% |
| 9 | 90% | 87% | 98% | 91% | 98% | 99% | 99% | 94% |
| 10 | 92% | 90% | 98% | 93% | 99% | 99% | 99% | 96% |

TABLE 1: PROBABILITY OF ONE OR MORE INCIDENTS BY INDUSTRY AND NUMBER OF LOCATIONS

Probability of the Incident Resulting in Data Disclosure

One clear observation is that the more sites an organization has, the higher the risk—this conclusion follows logically: the more sites, the larger the threat surface, and the more opportunities for attackers. However, to calculate financial risk, we must know the conversion rates of an incident resulting in data disclosure. Verizon’s 2019 Data Breach Investigations Report showed that organizations which experienced an incident converted to data disclosure at an average rate of 29.6 percent.5

However, industry averages varied widely from 22.3 percent to 65.2 percent (Table 2). The disparity in conversion rates is likely due to the nature and value of the data protected and the level of security investment.

| Global Average | Finance | Healthcare | Insurance | Legal | Manufacturing | Retail | Technology |
|---|---|---|---|---|---|---|---|
| 29.6% | 22.3% | 22.3% | 65.2% | 23.4% | 24.7% | 59.4% | 23.4% |

TABLE 2: PROBABILITY OF AN INCIDENT CONVERTING INTO A FULL DATA BREACH EVENT BY INDUSTRY

Probability of an Incident Resulting in Data Disclosure, Per Number of Locations

Thus far we have the probability of experiencing one or more security incidents in a 12-month period (Table 1) and the probability of a security incident being a data breach (Table 2). To arrive at the probability of one or more data disclosure events in that 12-month period, we must apply the following formula:

P(D) = P(I) × P(B)

If, over a period of 12 months, we let P(I) denote the probability of experiencing one or more security incidents and P(B) denote the probability of a security incident being a data breach, then P(D) describes the probability of one or more data disclosure events during security incidents over a 12-month period. Table 3 serves as a recent historical shorthand reference for the probability of an organization having incurred breach-level costs on at least one incident, without a security monitoring program in place.

| Number of Locations | Global Average | Finance | Healthcare | Insurance | Legal | Manufacturing | Retail | Technology |
|---|---|---|---|---|---|---|---|---|
| 1 | 6.8% | 4.5% | 22.2% | 5.1% | 8.0% | 9.4% | 35.6% | 6.3% |
| 2 | 11.8% | 8.3% | 37.2% | 9.1% | 13.3% | 15.1% | 49.9% | 10.8% |
| 3 | 16.0% | 11.2% | 46.3% | 12.3% | 16.8% | 18.8% | 55.8% | 14.3% |
| 4 | 18.9% | 13.4% | 52.8% | 14.5% | 19.2% | 21.0% | 57.6% | 16.6% |
| 5 | 21.3% | 15.2% | 57.4% | 16.3% | 20.6% | 22.2% | 58.8% | 18.5% |
| 6 | 23.4% | 16.7% | 60.0% | 17.8% | 21.5% | 23.2% | 58.8% | 19.9% |
| 7 | 24.9% | 17.8% | 61.9% | 18.7% | 22.2% | 23.7% | 58.8% | 20.8% |
| 8 | 25.8% | 18.7% | 62.6% | 19.6% | 22.7% | 24.2% | 58.8% | 21.5% |
| 9 | 26.6% | 19.4% | 63.9% | 20.3% | 22.9% | 24.5% | 58.8% | 22.0% |
| 10 | 27.2% | 20.1% | 63.9% | 20.7% | 23.2% | 24.5% | 58.8% | 22.5% |

TABLE 3: PROBABILITY OF ONE OR MORE DATA BREACH INCIDENTS BY INDUSTRY AND NUMBER OF LOCATIONS

Impact

To determine risk we need the financial impact per record lost when a data breach occurs. In the 2019 Ponemon Cost of a Data Breach study, organizations reported on average the following cost per record lost.[6]

| Global Average | Finance and Insurance | Healthcare | Legal | Manufacturing | Retail | Technology |
|---|---|---|---|---|---|---|
| $150 | $210 | $429 | $178 | $160 | $119 | $183 |

TABLE 4: FINANCIAL IMPACT PER RECORD LOST BY INDUSTRY

Incurred Yearly Risk

Having information for both the impact cost of a breach and the probability of at least one breach occurring, we can assess incurred yearly risk through the standard formula:

Risk = Probability × Impact

Probability: The probability of a data breach, taken from Table 3
Impact: The cost of a breach, taken from Table 4 and applied to the expected scope of records lost

The following tables represent yearly incurred risk relevant to each industry. Studies for average records lost per data breach correlative to number of locations are not available, so organizations calculating their risk must estimate the quantity of records they are likely to lose in the event of a data breach.

*Note: The values below are incurred yearly risk based on a minimum of one incident per year. Studies have shown organizations that have one incident are likely to have additional incidents. If you believe your organization will have more than one incident, your incurred yearly risk will increase in relation to projected records lost.

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 6.8% | $10,212 | $51,060 | $102,120 | $255,300 | $510,600 | $1,021,200 |
| 2 | 11.8% | $17,760 | $88,800 | $177,600 | $444,000 | $888,000 | $1,776,000 |
| 3 | 16.0% | $23,976 | $119,880 | $239,760 | $599,400 | $1,198,800 | $2,397,600 |
| 4 | 18.9% | $28,416 | $142,080 | $284,160 | $710,400 | $1,420,800 | $2,841,600 |
| 5 | 21.3% | $31,968 | $159,840 | $319,680 | $799,200 | $1,598,400 | $3,196,800 |
| 6 | 23.4% | $35,076 | $175,380 | $350,760 | $876,900 | $1,753,800 | $3,507,600 |
| 7 | 24.9% | $37,296 | $186,480 | $372,960 | $932,400 | $1,864,800 | $3,729,600 |
| 8 | 25.8% | $38,628 | $193,140 | $386,280 | $965,700 | $1,931,400 | $3,862,800 |
| 9 | 26.6% | $39,960 | $199,800 | $399,600 | $999,000 | $1,998,000 | $3,996,000 |
| 10 | 27.2% | $40,848 | $204,240 | $408,480 | $1,021,200 | $2,042,400 | $4,084,800 |

TABLE 5: GLOBAL AVERAGE

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 4.50% | $9,450 | $47,250 | $94,500 | $236,250 | $472,500 | $945,000 |
| 2 | 8.30% | $17,430 | $87,150 | $174,300 | $435,750 | $871,500 | $1,743,000 |
| 3 | 11.20% | $23,520 | $117,600 | $235,200 | $588,000 | $1,176,000 | $2,352,000 |
| 4 | 13.40% | $28,140 | $140,700 | $281,400 | $703,500 | $1,407,000 | $2,814,000 |
| 5 | 15.20% | $31,920 | $159,600 | $319,200 | $798,000 | $1,596,000 | $3,192,000 |
| 6 | 16.70% | $35,070 | $175,350 | $350,700 | $876,750 | $1,753,500 | $3,507,000 |
| 7 | 17.80% | $37,380 | $186,900 | $373,800 | $934,500 | $1,869,000 | $3,738,000 |
| 8 | 18.70% | $39,270 | $196,350 | $392,700 | $981,750 | $1,963,500 | $3,927,000 |
| 9 | 19.40% | $40,740 | $203,700 | $407,400 | $1,018,500 | $2,037,000 | $4,074,000 |
| 10 | 20.10% | $42,210 | $211,050 | $422,100 | $1,055,250 | $2,110,500 | $4,221,000 |

TABLE 6: FINANCE INDUSTRY

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 5.10% | $9,078 | $45,390 | $90,780 | $226,950 | $453,900 | $907,800 |
| 2 | 9.10% | $16,198 | $80,990 | $161,980 | $404,950 | $809,900 | $1,619,800 |
| 3 | 12.30% | $21,894 | $109,470 | $218,940 | $547,350 | $1,094,700 | $2,189,400 |
| 4 | 14.50% | $25,810 | $129,050 | $258,100 | $645,250 | $1,290,500 | $2,581,000 |
| 5 | 16.30% | $29,014 | $145,070 | $290,140 | $725,350 | $1,450,700 | $2,901,400 |
| 6 | 17.80% | $31,684 | $158,420 | $316,840 | $792,100 | $1,584,200 | $3,168,400 |
| 7 | 18.70% | $33,286 | $166,430 | $332,860 | $832,150 | $1,664,300 | $3,328,600 |
| 8 | 19.60% | $34,888 | $174,440 | $348,880 | $872,200 | $1,744,400 | $3,488,800 |
| 9 | 20.30% | $36,134 | $180,670 | $361,340 | $903,350 | $1,806,700 | $3,613,400 |
| 10 | 20.70% | $36,846 | $184,230 | $368,460 | $921,150 | $1,842,300 | $3,684,600 |

TABLE 7: INSURANCE INDUSTRY

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 22.20% | $95,238 | $476,190 | $952,380 | $2,380,950 | $4,761,900 | $9,523,800 |
| 2 | 37.20% | $159,588 | $797,940 | $1,595,880 | $3,989,700 | $7,979,400 | $15,958,800 |
| 3 | 46.30% | $198,627 | $993,135 | $1,986,270 | $4,965,675 | $9,931,350 | $19,862,700 |
| 4 | 52.80% | $226,512 | $1,132,560 | $2,265,120 | $5,662,800 | $11,325,600 | $22,651,200 |
| 5 | 57.40% | $246,246 | $1,231,230 | $2,462,460 | $6,156,150 | $12,312,300 | $24,624,600 |
| 6 | 60.00% | $257,400 | $1,287,000 | $2,574,000 | $6,435,000 | $12,870,000 | $25,740,000 |
| 7 | 61.90% | $265,551 | $1,327,755 | $2,655,510 | $6,638,775 | $13,277,550 | $26,555,100 |
| 8 | 62.60% | $268,554 | $1,342,770 | $2,685,540 | $6,713,850 | $13,427,700 | $26,855,400 |
| 9 | 63.90% | $274,131 | $1,370,655 | $2,741,310 | $6,853,275 | $13,706,550 | $27,413,100 |
| 10 | 63.90% | $274,131 | $1,370,655 | $2,741,310 | $6,853,275 | $13,706,550 | $27,413,100 |

TABLE 8: HEALTHCARE INDUSTRY

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 8.00% | $14,240 | $71,200 | $142,400 | $356,000 | $712,000 | $1,424,000 |
| 2 | 13.30% | $23,674 | $118,370 | $236,740 | $591,850 | $1,183,700 | $2,367,400 |
| 3 | 16.80% | $29,904 | $149,520 | $299,040 | $747,600 | $1,495,200 | $2,990,400 |
| 4 | 19.20% | $34,176 | $170,880 | $341,760 | $854,400 | $1,708,800 | $3,417,600 |
| 5 | 20.60% | $36,668 | $183,340 | $366,680 | $916,700 | $1,833,400 | $3,666,800 |
| 6 | 21.50% | $38,270 | $191,350 | $382,700 | $956,750 | $1,913,500 | $3,827,000 |
| 7 | 22.20% | $39,516 | $197,580 | $395,160 | $987,900 | $1,975,800 | $3,951,600 |
| 8 | 22.70% | $40,406 | $202,030 | $404,060 | $1,010,150 | $2,020,300 | $4,040,600 |
| 9 | 22.90% | $40,762 | $203,810 | $407,620 | $1,019,050 | $2,038,100 | $4,076,200 |
| 10 | 23.20% | $41,296 | $206,480 | $412,960 | $1,032,400 | $2,064,800 | $4,129,600 |

TABLE 9: LEGAL INDUSTRY

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 9.40% | $15,040 | $75,200 | $150,400 | $376,000 | $752,000 | $1,504,000 |
| 2 | 15.10% | $24,160 | $120,800 | $241,600 | $604,000 | $1,208,000 | $2,416,000 |
| 3 | 18.80% | $30,080 | $150,400 | $300,800 | $752,000 | $1,504,000 | $3,008,000 |
| 4 | 21.00% | $33,600 | $168,000 | $336,000 | $840,000 | $1,680,000 | $3,360,000 |
| 5 | 22.20% | $35,520 | $177,600 | $355,200 | $888,000 | $1,776,000 | $3,552,000 |
| 6 | 23.20% | $37,120 | $185,600 | $371,200 | $928,000 | $1,856,000 | $3,712,000 |
| 7 | 23.70% | $37,920 | $189,600 | $379,200 | $948,000 | $1,896,000 | $3,792,000 |
| 8 | 24.20% | $38,720 | $193,600 | $387,200 | $968,000 | $1,936,000 | $3,872,000 |
| 9 | 24.50% | $39,200 | $196,000 | $392,000 | $980,000 | $1,960,000 | $3,920,000 |
| 10 | 24.50% | $39,200 | $196,000 | $392,000 | $980,000 | $1,960,000 | $3,920,000 |

TABLE 10: MANUFACTURING INDUSTRY

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 35.60% | $42,364 | $211,820 | $423,640 | $1,059,100 | $2,118,200 | $4,236,400 |
| 2 | 49.90% | $59,381 | $296,905 | $593,810 | $1,484,525 | $2,969,050 | $5,938,100 |
| 3 | 55.80% | $66,402 | $332,010 | $664,020 | $1,660,050 | $3,320,100 | $6,640,200 |
| 4 | 57.60% | $68,544 | $342,720 | $685,440 | $1,713,600 | $3,427,200 | $6,854,400 |
| 5 | 58.80% | $69,972 | $349,860 | $699,720 | $1,749,300 | $3,498,600 | $6,997,200 |
| 6 | 58.80% | $69,972 | $349,860 | $699,720 | $1,749,300 | $3,498,600 | $6,997,200 |
| 7 | 58.80% | $69,972 | $349,860 | $699,720 | $1,749,300 | $3,498,600 | $6,997,200 |
| 8 | 58.80% | $69,972 | $349,860 | $699,720 | $1,749,300 | $3,498,600 | $6,997,200 |
| 9 | 58.80% | $69,972 | $349,860 | $699,720 | $1,749,300 | $3,498,600 | $6,997,200 |
| 10 | 58.80% | $69,972 | $349,860 | $699,720 | $1,749,300 | $3,498,600 | $6,997,200 |

TABLE 11: RETAIL INDUSTRY

| Number of Locations | Incident and Conversion Probability | 1,000 records lost | 5,000 records lost | 10,000 records lost | 25,000 records lost | 50,000 records lost | 100,000 records lost |
|---|---|---|---|---|---|---|---|
| 1 | 6.30% | $11,529 | $57,645 | $115,290 | $288,225 | $576,450 | $1,152,900 |
| 2 | 10.80% | $19,764 | $98,820 | $197,640 | $494,100 | $988,200 | $1,976,400 |
| 3 | 14.30% | $26,169 | $130,845 | $261,690 | $654,225 | $1,308,450 | $2,616,900 |
| 4 | 16.60% | $30,378 | $151,890 | $303,780 | $759,450 | $1,518,900 | $3,037,800 |
| 5 | 18.50% | $33,855 | $169,275 | $338,550 | $846,375 | $1,692,750 | $3,385,500 |
| 6 | 19.90% | $36,417 | $182,085 | $364,170 | $910,425 | $1,820,850 | $3,641,700 |
| 7 | 20.80% | $38,064 | $190,320 | $380,640 | $951,600 | $1,903,200 | $3,806,400 |
| 8 | 21.50% | $39,345 | $196,725 | $393,450 | $983,625 | $1,967,250 | $3,934,500 |
| 9 | 22.00% | $40,260 | $201,300 | $402,600 | $1,006,500 | $2,013,000 | $4,026,000 |
| 10 | 22.50% | $41,175 | $205,875 | $411,750 | $1,029,375 | $2,058,750 | $4,117,500 |

TABLE 12: TECHNOLOGY INDUSTRY

Operational Savings

Cost of Inefficiencies: False Positives

Outsourcing endpoint protection can deliver substantial cost savings for organizations, even accounting for the fact that the magnitude of savings will vary somewhat based upon each organization’s existing cybersecurity capabilities and operational setup. In the most recent Ponemon State of Endpoint Risk study, organizations reported that 55 percent of alerts from endpoint technologies were false positives. While these alerts are benign, they come with a cost: operational expenses are incurred as a result of personnel time spent investigating and confirming the absence of malicious presence. Outsourcing endpoint protection can substantially reduce or nearly eliminate the number of false positives requiring an organization’s attention, along with the associated costs.

The operational savings which result can be calculated as the product of the number of false positives an organization estimates each endpoint produces in a 12-month timeframe and the cost associated with each interruption. The formula below assumes an average false-positive incident takes two minutes to inspect and disregard at a personnel expense of $53 per hour.

Formula: ((Average False Positives Per Year Per Endpoint × Minutes Per False Positive) / (60 Minutes) × Hourly Cost Per Analyst) × Number of Endpoints

*Note: It is important to remember that most organizations will ignore some alerts due to resource limitations. Typically, alerts which are not deemed high risk are ignored or thresholds are tuned to minimize the number of alerts. The table below does not account for these variables.

Columns give the number of false positives per endpoint per year.

| Number of Endpoints | 1 | 5 | 10 | 15 | 20 | 25 | 30 |
|---|---|---|---|---|---|---|---|
| 100 | $177 | $883 | $1,767 | $2,650 | $3,533 | $4,417 | $5,300 |
| 250 | $442 | $2,208 | $4,417 | $6,625 | $8,833 | $11,042 | $13,250 |
| 500 | $883 | $4,417 | $8,833 | $13,250 | $17,667 | $22,083 | $26,500 |
| 750 | $1,325 | $6,625 | $13,250 | $19,875 | $26,500 | $33,125 | $39,750 |
| 1,000 | $1,767 | $8,833 | $17,667 | $26,500 | $35,333 | $44,167 | $53,000 |
| 2,500 | $4,417 | $22,083 | $44,167 | $66,250 | $88,333 | $110,417 | $132,500 |
| 5,000 | $8,833 | $44,167 | $88,333 | $132,500 | $176,667 | $220,833 | $265,000 |
| 7,500 | $13,250 | $66,250 | $132,500 | $198,750 | $265,000 | $331,250 | $397,500 |
| 10,000 | $17,667 | $88,333 | $176,667 | $265,000 | $353,333 | $441,667 | $530,000 |

TABLE 13: OPERATIONAL COST SAVINGS FROM AN ESTIMATED NUMBER OF FALSE POSITIVES ELIMINATED PER ENDPOINT

Cost of Inefficiencies: True Positives

While false positives are relatively predictable in terms of the time investment needed to analyze and disregard, true positives are dependent upon the nature of the threat and the time required to detect and contain. The realized operational cost savings of outsourcing detection and response are also dependent upon the number of incidents an organization will incur during a 12-month timeframe. Using the $53 per hour analyst rate, the following formula estimates operational cost savings for true positives:

Formula: (Hours spent per incident × Cost per hour for analysts)

Personnel, Tools and Maintenance

The last component to our operational savings calculation covers personnel, tools and maintenance dedicated to endpoint protection. The previous two sections already accounted for analyst time consumed by false positives and true positives, so we can omit analysts from this section. However, supporting personnel must be accounted for, as well as the investigative tools employed. While it is clear that managers, engineers and administrators are unlikely to be solely dedicated to endpoint protection, a portion of their time is nevertheless applied to endpoint security. Therefore, savings can be determined by estimating the costs of personnel and the percentages of their time consumed by this pursuit (Table 15)—while acknowledging that doing so requires some subjectivity and numbers will vary by organization.

| Time to Resolve in Minutes (Duration) | Cost |
|---|---|
| 120 (2 Hours) | $106 |
| 360 (6 Hours) | $318 |
| 720 (12 Hours) | $636 |
| 1,440 (24 Hours) | $1,272 |
| 4,320 (3 Days) | $3,816 |
| 10,080 (7 Days) | $8,904 |
| 43,200 (30 Days) | $38,160 |

TABLE 14: EXAMPLE EXPECTED TIME COST TO RESOLVE AN INCIDENT

| Item | Cost |
|---|---|
| Total cost of operations tools per analyst | $25,000 |
| Cost per Security Operations Manager | $124,433 |
| Cost per Intelligence Analyst | $95,875 |
| Cost per Intelligence Manager | $167,297 |
| Cost per Network Security Engineer | $116,360 |
| Cost per Network Security Administrator | $95,418 |

TABLE 15

Putting It All Together

In the previous sections, we outlined two components to justifying outsourcing of endpoint protection: incurred yearly risk and operational savings. In an effort to clarify the process, the following table outlines the inputs, formulas and step-by-step process to calculate values applicable to your unique environment.

| Category | Inputs | Formulas |
|---|---|---|
| Yearly incurred risk | Table 3; Table 4; Estimated number of records you would expect to lose if a breach occurred | Formula: Table 3 corresponding value × (Table 4 corresponding value × estimated records expected to lose in a breach). * Table 5 provides example yearly incurred risk for varying intervals between 1,000 and 100,000 records. |
| False positives | Number of endpoints; Average number of false positives per endpoint over 12-month period; Hourly cost per analyst; Timeframe to dismiss false positives | Formula: ((Average false positives per year per endpoint × Minutes per false positive) / (60 Minutes) × Hourly cost per analyst) × Number of endpoints. * Table 13 provides example costs for varying intervals between 1 and 30 false positives. |
| True positives | Hours spent per incident; Hourly cost per analyst | Formula per incident: (Hours spent per incident × Cost per hour for analysts). All incidents must be added together. * Table 14 provides example costs for incidents varying in timeframe between 2 hours and 30 days. |
| Supporting personnel, maintenance and labor | Cost of operations tools; Cost per Security Operations Manager; Cost per Intelligence Analyst; Cost per Intelligence Manager; Cost per Security Engineer; Cost per Security Administrator; Maintenance cost (labor); Maintenance cost (hardware) | Formula: Addition of all tools and corresponding full-time employees (FTEs) or portions of FTEs dedicated to endpoint security |
| Total yearly risk and operational costs | | Summary of above calculations |

TABLE 16

Sample Calculation

To help you with creating your own calculations, Table 17 includes an example scenario that should serve as guidance in the creation of your own justifications.

Profile:
• Industry: Legal
• Locations: 3
• Endpoints: 500
• False positives per year: 5
• True positives per year: 2
• Personnel:
  - 4 Analysts
  - 1 Security Operations Manager
  - 1 Intelligence Analyst
  - 1 Security Engineer
  - 1 Security Administrator

| Category | Inputs | Formulas | Calculations |
|---|---|---|---|
| Yearly incurred risk | Table 3; Table 4; Estimated number of records you would expect to lose if a breach occurred | Formula: Table 3 corresponding value × (Table 4 corresponding value × estimated records expected to lose in a breach). * Table 5 provides example yearly incurred risk for varying intervals between 1,000 and 100,000 records. | Table 3 value = 16.8% × (Table 4 value = $178) × (10,000 records estimated to be lost if a breach occurs) = $299,040 |
| False positives | Number of endpoints; Average number of false positives per endpoint over 12-month period; Hourly cost per analyst; Timeframe to dismiss false positives | Formula: ((Average false positives per year per endpoint × Minutes per false positive) / (60 minutes) × Hourly cost per analyst) × Number of endpoints. * Table 13 provides example costs for varying intervals between 1 and 30 false positives. | ((5 false positives per endpoint × 2 minutes per false positive) / (60 minutes) × $53/hour per analyst) × 500 endpoints = $4,417 |
| True positives | Hours spent per incident; Hourly cost per analyst | Formula per incident: (Hours spent per incident × Cost per hour for analysts). All incidents must be added together. * Table 14 provides example costs for incidents varying in timeframe between 2 hours and 30 days. | 2 incidents. Incident 1: 72 hours × $53/hour = $3,816. Incident 2: 168 hours × $53/hour = $8,904. Incident 1 + Incident 2 = $12,720 |
| Supporting personnel, maintenance and labor | Cost of operations tools; Cost per Security Operations Manager; Cost per Intelligence Analyst; Cost per Intelligence Manager; Cost per Security Engineer; Cost per Security Administrator; Maintenance cost (labor); Maintenance cost (hardware) | Formula: Addition of all tools and corresponding FTEs or portions of FTEs dedicated to endpoint security | Operational Tools $25,000 + Security Operations Manager Time (15% spent on endpoint) ($124,433 × 15%) $18,664 + Intelligence Analyst Time (15% spent on endpoint) ($95,875 × 15%) $14,381 + Security Engineer Time (15% spent on endpoint) ($116,360 × 15%) $17,454 + Security Administrator Time (15% spent on endpoint) ($95,418 × 15%) $14,312 = Total: $75,430 |
| Total yearly risk and operational costs | | | $391,607 |

TABLE 17
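
The Table 16 formulas applied to the Table 17 sample profile, as an added example in Python that is not part of the original guide; the function names and dictionary keys are hypothetical. It derives the disclosure probability from the Legal, 3-location values in Tables 1 and 2, rounds it as Table 3 prints it, and truncates personnel lines to whole dollars as Table 17 prints them.

```python
# Added example: function and key names are hypothetical, inputs come from
# the guide's Tables 1, 2, 4, 15 and the Table 17 sample profile.

def _check_probability(p):
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability must be within [0, 1], got {p}")
    return p

def disclosure_probability(p_incident, p_conversion):
    """P(D) = P(I) x P(B), rounded to 0.1% as Table 3 prints it."""
    return round(_check_probability(p_incident) * _check_probability(p_conversion), 3)

def yearly_incurred_risk(p_disclosure, cost_per_record, records_lost):
    """Risk = Probability x Impact, with impact = cost per record x records."""
    if cost_per_record < 0 or records_lost < 0:
        raise ValueError("cost per record and records lost must be non-negative")
    return round(_check_probability(p_disclosure) * cost_per_record * records_lost)

def risk_row(p_disclosure, cost_per_record, record_counts):
    """One row of an industry risk table (Tables 5 to 12)."""
    return [yearly_incurred_risk(p_disclosure, cost_per_record, n)
            for n in record_counts]

def false_positive_cost(fp_per_endpoint, minutes_per_fp, hourly_rate, endpoints):
    """((FPs per endpoint x minutes) / 60 x hourly rate) x endpoints."""
    return round(fp_per_endpoint * minutes_per_fp / 60 * hourly_rate * endpoints)

def true_positive_cost(hours_per_incident, hourly_rate):
    """Hours x hourly rate per incident, summed over all incidents."""
    return sum(round(h * hourly_rate) for h in hours_per_incident)

def support_cost(tools, staff):
    """Tools plus each role's annual cost times its endpoint share.

    staff maps role -> (annual_cost, percent_of_time_on_endpoint); every
    line is truncated to whole dollars.
    """
    lines = {role: cost * pct // 100 for role, (cost, pct) in staff.items()}
    return tools + sum(lines.values()), lines

def business_case(profile):
    """Return each Table 16 component and their sum for one organization."""
    p_d = disclosure_probability(profile["p_incident"], profile["p_conversion"])
    support, lines = support_cost(profile["tools"], profile["staff"])
    parts = {
        "yearly_incurred_risk": yearly_incurred_risk(
            p_d, profile["cost_per_record"], profile["records_lost"]),
        "false_positives": false_positive_cost(
            profile["fp_per_endpoint"], profile["minutes_per_fp"],
            profile["hourly_rate"], profile["endpoints"]),
        "true_positives": true_positive_cost(
            profile["incident_hours"], profile["hourly_rate"]),
        "support": support,
    }
    return {"p_disclosure": p_d, "support_lines": lines, **parts,
            "total": sum(parts.values())}

SAMPLE = {
    "p_incident": 0.72,        # Table 1: Legal, 3 locations
    "p_conversion": 0.234,     # Table 2: Legal
    "cost_per_record": 178,    # Table 4: Legal
    "records_lost": 10_000,    # estimate used in Table 17
    "endpoints": 500,
    "fp_per_endpoint": 5,
    "minutes_per_fp": 2,
    "hourly_rate": 53,
    "incident_hours": [72, 168],
    "tools": 25_000,
    "staff": {                 # every line printed in Table 17, 15% each
        "Security Operations Manager": (124_433, 15),
        "Intelligence Analyst": (95_875, 15),
        "Security Engineer": (116_360, 15),
        "Security Administrator": (95_418, 15),
    },
}

if __name__ == "__main__":
    for key, value in business_case(SAMPLE).items():
        print(f"{key}: {value}")
```

Summing every personnel line printed in Table 17 gives $89,811 for supporting costs; the printed $75,430 subtotal and $391,607 total correspond to the same lines without the $14,381 Intelligence Analyst entry.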

Conclusion

As security leaders and practitioners have come to realize, making the case for outsourcing endpoint protection is a challenge. Broad endpoint studies continue to cite overinflated risks and costs that are difficult to interpret and seem too general to inform investment decisions which consider a particular organization’s unique attributes. These studies leave leaders and practitioners with unrealistic numbers which are hard to defend and explain. Budget authorities demand justification before authorizing expenditures. Using the formulas and guidance in this document, you can make a quantifiable business case to justify outsourcing endpoint protection while creating a more resilient and efficient endpoint security posture.

References

[1] See Endpoint Security Market worth $18.4 billion by 2024

[2] Available at: https://www.absolute.com/media/1935/2019-endpoint-security-trends-report.pdf

[3] Ponemon: 2018 State of Endpoint Security Risk Study

[4] Available at: https://enterprise.verizon.com/resources/reports/dbir/

[5] Available at: https://www.ibm.com/security/data-breach

[6] Available at: https://www.knowbe4.com/hubfs/2018ThreatImpactandEndpointProtectionReport.pdf

About eSentire:

eSentire, Inc., the global leader in Managed Detection and Response (MDR), keeps organizations safe from constantly evolving cyberattacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $6 trillion AUM, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.