TLDR: RoSI stands for Return on Security Investment and it’s used to help your champion provide data to their CFO and others when justifying their purchase.
Security is seen as a department of suck, meaning it takes money but doesn’t make money. Sales professionals often struggle to quantify not only the value of their services to the buyer, but also the long-term return on that security investment. The CFO and other like-minded board members would love to talk about risk reduction.
Return on Security Investment (RoSI) is a metric that can be used to measure the effectiveness of a purchase of security software. It’s calculated by comparing the cost of the investment (services, software, etc…) against the benefits gained from that investment (fewer incidents, increased protection, risk reduction).
Let’s review a formula quickly:
RoSI = (the benefit of the security investment MINUS the cost of the security investment) DIVIDED BY the cost of the security investment
It is the comparison of the financial benefits of the investment against its costs. If the formula above produces a positive result, there is a positive net return; a negative result indicates a net loss.
How does it help?
Your champion is often not adept in the language of the business, the CFO, and the board. According to Gartner research, it takes 7 individuals, 4 of whom are not directly involved in the security aspects, to purchase a security solution. Equipping your security champion with the lingo to translate your purchase will therefore provide extra value to your economic buyer.
Working through a problem
Step 1 is determining the cost of the investment. As a salesperson you are provided with a fixed cost range for your solution. You’re showing up to your prospect saying “Our product costs $75,000.00,” but are you taking into account the cost of purchasing, implementation, training, and maintenance? These are all costs that your champion will need to present to your economic buyer. You will need to identify these types of costs with your champion in order to produce a proper RoSI equation.
Step 2 is identifying the benefits of the investment. When selling, you should already be talking in metrics about increased efficacy, time saved, reduced risk, business growth, etc… Through conversations with your champion you can identify these key metrics. For example, if you are selling advertisement space you can share the metrics of a competing brand that purchased said space: what their pains were, and how the partnership helped them meet their goal metrics.
Step 3 is taking the benefits you identified and turning them into metrics. Say you are selling email security, the cost of a phishing email getting through and causing havoc is estimated by the Verizon DBIR (Data Breach Investigation Report) to be around $50,000.00, and your customer has 5-7 get through their current vendor a month; that could cost the company up to $350,000.00. If leveraging your solution reduces that breach number to zero, the benefit is saving $350,000.00. Additionally, if you have identified that ongoing maintenance, such as the need for outside Microsoft consultants, costs your prospect $75,000.00 per year, that is an additional saving the customer would see.
Step 4 is calculating the RoSI by using the formula above:
Cost of your solution investment = $75,000.00
Benefit of solution investment = $425,000.00 (costs of phishing breach & Microsoft consultants)
RoSI = (425,000 – 75,000) / 75,000 = 4.66
Interpretation
The above formula tells us that for every dollar invested in the solution, the organization can expect to receive $4.66 in financial benefit.
A positive RoSI tells your economic buyer that the investment would generate a net positive return; conversely, a negative RoSI tells the economic buyer that it’s (most likely) a bad investment. If the RoSI is below 1, then the juice probably is not worth the squeeze.
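Steps 1 through 4 as a small calculator, added here as an example and not part of the original post. It goes a little beyond the worked problem by running both ends of the 5-7 incident range and by pricing the Step 1 costs the problem leaves out; the implementation, training and maintenance figures are constructed assumptions, and all amounts are treated as covering the same period, as the worked problem does.

```python
import math

# Figures taken from the worked problem above.
LICENSE_COST = 75_000        # quoted product price
COST_PER_PHISH = 50_000      # per-incident estimate used in Step 3
CONSULTANT_SAVINGS = 75_000  # outside consultants no longer needed

# Constructed values (assumptions) for the Step 1 costs that the worked
# problem lists but does not price.
EXTRA_COSTS = {"implementation": 20_000, "training": 10_000, "maintenance": 15_000}


def rosi(benefit, cost):
    """RoSI = (benefit - cost) / cost."""
    if cost <= 0:
        raise ValueError("cost of the investment must be positive")
    return (benefit - cost) / cost


def scenario(incidents_prevented, costs):
    """Benefit, total cost and RoSI for a given number of prevented incidents."""
    total_cost = sum(costs.values())
    benefit = incidents_prevented * COST_PER_PHISH + CONSULTANT_SAVINGS
    return {"benefit": benefit, "cost": total_cost, "rosi": rosi(benefit, total_cost)}


def break_even_incidents(costs):
    """Fewest prevented incidents at which RoSI is no longer negative."""
    shortfall = sum(costs.values()) - CONSULTANT_SAVINGS
    return max(0, math.ceil(shortfall / COST_PER_PHISH))


if __name__ == "__main__":
    license_only = {"license": LICENSE_COST}
    full_cost = {"license": LICENSE_COST, **EXTRA_COSTS}
    for label, costs in (("license only", license_only), ("full cost", full_cost)):
        for n in (5, 7):  # the range of incidents getting through in Step 3
            s = scenario(n, costs)
            print(f"{label:12} incidents={n} cost={s['cost']:>7,} "
                  f"benefit={s['benefit']:>7,} RoSI={s['rosi']:.2f}")
        print(f"{label:12} break-even incidents: {break_even_incidents(costs)}")
```

Swap the constructed cost figures for the ones your champion gives you; the spread between the low and high incident counts is the range to show the economic buyer.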