Connect with us

Hi, what are you looking for?


Incident Response

To Demonstrate ROI for Cyber Situational Awareness, Consider the Incident

Security is now a topic on many board meeting agendas. Board members need to understand what threats they face, if they are prepared to stop them, and what additional security investments they need to make to better protect themselves from compromised brand integrity, instances of sensitive data loss, or potential threats.

Security is now a topic on many board meeting agendas. Board members need to understand what threats they face, if they are prepared to stop them, and what additional security investments they need to make to better protect themselves from compromised brand integrity, instances of sensitive data loss, or potential threats. In 2015, in response to cyber risks, respondents to PwC’s Global State of Information Security Survey for 2016 boosted their information security budgets by 24 percent. It is safe to assume that this funding was allocated only after a compelling case was made and a CISO or CIO was able to demonstrate a return on investment. 

Increasingly, one of these areas of investment is cyber situational awareness. Struck by the realization that they can no longer rely on traditional security defenses to stop bad actors, many organizations are looking for ways to understand which threats lurk outside of their perimeter. Cyber situational awareness provides the ability to achieve an ‘attacker’s eye view’ of their organization to prevent, detect and contain cyber-related incidents. 

Situational AwarenessThere are many products that organizations can turn to in this pursuit: research tools, threat intelligence, social media monitoring, data loss, and dark web monitoring. But demonstrating ROI can be problematic. After all, how can you assign a cost to an incident that never happened? What’s more, costs and returns will differ depending on whether you’re looking at brand protection, data leakage, or cyber threats. But there is a way to go about this. You just need to consider the type of incident.

Brand protection. Monitoring for brand misuse and reputational damage is far from a “nice to have” and has clear financial ramifications – both opportunity costs and real gains. Online mentions or false representations can compromise a brand and negatively impact a potential deal. For example, as discussed in my previous column, when information about a pending merger or acquisition is leaked, the details of the transaction can dramatically change. But also consider the case of a luxury goods retailer whose brand is compromised by online sales of replica products. Cyber situational awareness can help them to provide law enforcement with the insights they need to identify the perpetrator and seize assets, allowing for the courts to award restitution to the retailer. For high-value retailers this can be tens of thousands of dollars.

Data leakage. Monitoring for data leakage can similarly have implications, costs and returns for organizations. Sensitive information leaked online can provide competitors with a commercial advantage. Identifying where data is leaking out and who is looking to exploit this information is particularly valuable. Cyber situational awareness can also help banks to detect when credit card information is being sold on underground forums, launch investigations to find the root cause and freeze the associated accounts and, ultimately, save money lost to fraud. For that matter, any organization can save millions of dollars in data breach costs with visibility into malicious use of its data by monitoring activity across paste and dark web sites. And in the European Union (EU) where European organizations subject to the recent EU General Data Protection Regulation (GDPR) can now face fines of up to 4 percent of global revenue for non-compliance, increased context and insight can help them better mitigate the effects and inform authorities more quickly.

Cyber threats. Finally, detailed information about cyber threats – how they operate and who they target – can save organizations large amounts of money. Think about the wave of recent ransomware attacks. With greater context and insight, organizations that fall prey to such extortion can better understand a threat actor’s tactics, techniques and procedures (TTPs). Based on that information they can determine if they have the right defenses in place and could decide not to pay the ransom. Cyber situational awareness can also allow online retailers take steps to avoid their websites from being taken down by groups targeting retail outlets, as happened over Valentine’s Day. And it can also help organizations monitor for typosquatted domains and determine if attackers are using a domain name similar to theirs to launch attacks and compromise their business. 

Each of these examples describes tactical, short-term threat intelligence that can deliver returns. But there is also a strategic element to consider with any investment. If the intelligence helps to create measurable change in an organization’s improved security posture, based on its digital profile and the profile of its attackers, then it has a clear and sustained value. With cyber situational awareness, security professionals can prioritize threat protection and policies based on how the threat environment is evolving and, crucially, how that relates to the organization’s strengths and weaknesses. 

As the discussion of cyber security gets elevated to the board room, the need to justify investments will only become more important. By understanding the different types of incidents and the different returns, you can make a strong case for greater cyber situational awareness in the short- and long-term.

Advertisement. Scroll to continue reading.
Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights