Calculating the Hidden ROI of Better Security
In my , I explained how organizations can use PSIM to achieve operational savings. In this second installment of my two-part series on PSIM ROI, I’ll explore a less obvious (hidden) PSIM ROI which can be achieved through better security.
When a company invests in a security solution such as PSIM, the obvious reason is to improve security. But when’s the last time you heard “improved security” mentioned as a source for ROI? Even so, the potential ROI from security improvements can far outweigh any operational cost savings from PSIM. This is especially true in very sensitive industries where the cost of a security breach, or not handling a safety malfunction correctly, or failing to comply with regulations, can have huge financial impacts.
Everyone knows that security is important, that goes without saying. But how do you quantify the ROI resulting from improved security? It’s harder to measure, but it can be significant none-the-less.
Take for example catastrophic situations. Of course, organizations define catastrophes differently. But here I’m talking about the kind of events that can have extreme negative consequences – like an explosion on an oil rig resulting in loss of human life or environmental damage, a breach in a bank security system that protects the personal information of millions of customers, an extended shutdown of an airport terminal due to a bomb threat. All can result in significant financial losses.
So how can we measure the potential financial impact of such catastrophic events? How much does improved security “save us?” Here’s one way to look at it:
The potential $ damage from an incident = the risk of the incident happening (%) x the loss created from the incident ($) if it were to occur.
For example, even if the risk of a catastrophe happening is only 1% or 0.1%, if the loss from that incident would be billions of dollars, the overall potential loss, even weighted by a low probability, is still high.
Catastrophes, although they very rarely occur, still have the potential to impact huge damage – not just from an immediate financial perspective, but also from the long-lasting blow to a company’s brand image or reputation.
Consider the oil spill in the Gulf of Mexico, which resulted in criminal and civil penalties in billion of dollars. No one would ever claim that such an incident could have been fully prevented through the use of an advanced situational awareness/situation management solution like PSIM. But in this type of catastrophic situation, arguably, even the slightest improvement in situational awareness and response could certainly lessen the impact.
How couldPSIM help in a catastrophic situation? Without getting into the specific details of deep sea drilling challenges, it’s clear that it’s a complex environment with many systems and sensors that need to work together and be closely monitored. By correlating readings and alerts coming from these various systems and sensors PSIM can raise awareness to a building crisis much sooner, thus expediting the chain of responses and corrective measures.
Also, once a crisis situation is already in play, procedures are critical to averting or at least minimizing the impact of a potential catastrophe. PSIM’s automated response plans can guide local and remote teams to respond to an incident based on standard operating procedures and predefined emergency response plans, to ensure the right actions are taken by the right people at the right time.
Consider another example: Large airports can average as many as 300 security breaches a day. An unresolved security breach can cause a complete terminal shutdown, which can cost upwards of $600,000 an hour. So it’s easy to see how preventing such breaches in the first place, or resolving them faster, can have a direct financial impact. The ability to effectively utilize security information from video cameras, access points, and other sensors can help airport security personnel quickly assess a security breach.
Effective assessment can be the difference between a two- to five-minute process and a 30- to 50-minute terminal shut down. PSIM can alert an operator to a breach, show that operator the breach location on an airport map, automatically display the cameras nearest to where the intrusion was detected to help the operator instantly verify the intrusion source and provide the correct procedures to follow. In the final analysis that means a faster, more effective response, which can avert a potential shutdown.
So what’s the lesson at the end of the day? Simple – when you’re looking at PSIM ROI, don’t forget to consider the hidden ROI of improved security.