Calculating and Evaluating ROI for Federal Cybersecurity Projects

As the relief package winds its way through the House and Senate for approval, new funding for the Technology Modernization Fund (TMF) has been the proverbial rope in a high-stakes game of tug-of-war. Last week, when $9 billion in proposed TMF funds were dropped, I wrote about how federal security teams can reprioritize key initiatives without that funding. 

This week brings news that the Senate is adding back $1 billion to the TMF in their draft of the relief package. 

Regardless of where the final relief package lands, cybersecurity teams will benefit from an increased emphasis on calculating and evaluating the return on investment (ROI) of their projects. 

What to Consider When Calculating ROI

There are many factors to consider when calculating ROI for a proposed project. Given the need to free up resources, many agencies we work with look to automate routine tasks that have historically been done manually. Asset management is one of those areas.

At Axonius, we’ve worked with a number of agencies that have seen significant return on their investment in cybersecurity asset management. 

When calculating, we recommend agencies look at the savings from key areas like:

• Automating the creation and maintenance of asset inventories
  • The average security team spends 89 person-hours per asset inventory — and they complete one 19 times a year. A cybersecurity asset management platform would automate this process and make an inventory available continuously.

• Automating CMDB reconciliation and maintenance

• • A cybersecurity asset management platform would eliminate the manual time needed to reconcile CMDB data discrepancies and update CMDBs.

• Reducing time to triage alerts

• • Because asset management platforms can correlate all device, user, and agent information, many agencies have seen at least a 50 percent decrease in the time needed to triage alerts after implementation

• Recouped value in missing software deployments

• We often find that companies have anywhere from 2 to 10 percent of devices missing agents or software installations, and it's likely you’re paying for those deployments. 

At the end of the day, many agencies that implement the Axonius Asset Management Platform see a payback in their investment of about five to eight months. It also frees up staff to perform higher value activities. 

Evaluating ROI

Remote work, advances in cloud computing, BYOD, and other evolutions are making the federal IT environment more difficult to secure. Chances are, your team has a number of projects that you can invest in this year. 

Calculating ROI for projects under consideration helps you make a more informed decision about where to invest your resources or which projects to prioritize. It also may assist you to determine the best method to fund the project. For example, if a project pays for itself in this fiscal year, then it could most likely be funded from your existing budget. 

Next Steps

Looking to get started? The Axonius team has worked with agencies to calculate and evaluate ROI of cybersecurity asset management projects.

Watch this video to learn where cybersecurity asset management fits into your priorities and request a time to meet our team.