How to Measure the ROI of Threat Intelligence: Forrester TEI Study of ZeroFox

How to Measure the ROI of Threat Intelligence

Perhaps one of the most difficult tasks for security teams is to measure the business value and ROI of the tools they use every day to protect their organizations. Measuring the ROI of threat intelligence is no different. The core value of many security tools is often placed on what could have been or what was prevented from happening, rather than a specific outcome that did happen. To do so, we look to the worst possible scenarios: data breaches, brand abuse, stolen IP, and estimate the costs if one of those scenarios were to take place. What these simple ROI methods often lack, however, is the overall value provided through the entire lifecycle of prevention, awareness and remediation. That's where the Forrester TEI study comes in.

Forrester Consulting recently conducted a commissioned Total Economic Impact (TEI) study of ZeroFox solutions for digital security and threat intelligence on behalf of ZeroFox. Within this post, we’ll share the Forrester model for measuring the ROI of threat intelligence, a few results from the study itself, and the core values required for any valuable threat intelligence solution.

The Forrester TEI Study ROI Model 

Forrester’s approach to identifying the ROI of threat intelligence (or any solution for that matter) involves interviewing a customer or customers of that organization and developing a financial model to help determine the overall business value of the solution. The Forrester TEI study weighs the costs, benefits, flexibility and risks to determine the Total Economic Impact. 

For the ZeroFox study, Forrester interviewed a global financial services customer to understand the value ZeroFox provided. This customer is concerned with executive protection, specifically executive impersonations online. 

Forrester TEI Study ZeroFox Results Snapshot

While the study gives full details on Forrester’s analysis of ZeroFox’s ROI of threat intelligence, the firm noted a few key takeaways to measure the 3-year impact of ZeroFox:

• 267% ROI: Forrester found that the ZeroFox customer profiled projects a total return on investment of 267% over a 3 year period through increased automation and efficiency, risk mitigation and reduced burden on internal staff. 
• <3 Month Payback Period: Forrester estimates that this ZeroFox customer reached a break-even point on benefits vs investments only 3 months into a 3 year contract. This is a testament to the immediate value ZeroFox brings to an organization. 
• $1.9M Reduced Risk of Executive Impersonation: Executive impersonations harm more than just the targeted individual and can have a negative impact on the organization as a whole. Forrester estimated that the customer can save $1.9 million in reduced risk with ZeroFox’s Executive Protection solution due to continuous monitoring for fraudulent accounts and increased remediation efforts. 

The Three Core Values That Create the ROI of Threat Intelligence

As alluded to in the opening paragraph, measuring the preventative savings of a threat intelligence service (or any security tool for that matter) provides a limited look at the overall value of the solution. Ultimately, the ROI of an external threat intelligence service comes in the automation, remediation and human intelligence that can improve internal inefficiencies and save analyst time and resources. This can be measured in reduced detection times, reduced necessity for internal employee training, and perhaps most importantly: increased takedowns of offending content, posts and accounts.  

Core Value #1: Automation 

One of the most important elements to any threat intelligence solution is time to detection and resolution. Automation is critical to timely identification of threats. The global financial institution interviewed in the Forrester TEI study came to ZeroFox lacking any automated threat detection which frequently led to delayed reporting, manual threat searches and a heavy burden on internal team members. By automating that process and continuously monitoring for threats to their executives, ZeroFox was able to take down 8,500 more entity account threats per year (up from 1,000) while requiring significantly fewer internal resources. That’s a 750% increase in takedowns and a reduction in internal efforts. Win-win. In addition, ZeroFox has automated the identification of executive impersonations, a top use case for this organization, eliminating the need for manual searching all together. 

Core Value #2: Remediation 

Threat detection is invaluable without action. Just as automation helped provide the ZeroFox customer with increased visibility into the impersonation threats targeting their executives, improved remediation ensured those threats were directly addressed. While emphasis is frequently placed solely on the value of data when it comes to threat intelligence, what is done with that data is most important. Remediation is a critical to measure the ROI of threat intelligence or a digital risk protection solution. As previously mentioned, ZeroFox increased the global financial customer’s takedowns by 750%. Considering the average potential cost to an organization of a single executive impersonation is $44,000, this increase in takedowns is significant for both cost and risk reduction. 

Core Value #3: Human Intelligence and Managed Services 

Security teams are all too often overburdened. A critical value of adopting an external threat intelligence service is the ability to extend internal team efforts externally. The ZeroFox customer interviewed in this Forrester TEI study noted that their employees saw a reduction in training time and overall employee burnout through reliance on ZeroFox’s team of threat analysts. The responsiveness of the ZeroFox OnWatch team allowed the organization’s internal team focus on higher-level tasks.  

Validate Your Threat Intelligence Investments 

In this time of pandemic, with increased threats combined with economic pressures, it’s more important than ever that security leaders act with efficiency and track performance to better justify investments and understand the ROI of threat intelligence (and any other tools they are using!).  Are you considering a threat intelligence or digital risk protection solution? Do you need to validate potential investments with upper management prior to decision-making? The Total Economic Impact™ Of ZeroFox Solutions For Digital Security And Threat Intelligence is a helpful guide for any threat intelligence or security team that is looking for deeper insight on the business value of a TI or DRP tool. Download the full study here.