Posted August 27, 2015
By Eric Olson, VP of Product Strategy
Over the past few weeks we have explained why threat intelligence is essential for your cyber security plan, how to map your security needs to business objectives, and how to formulate a plan. Now, we’ll put all of that together. The following two examples, one for information security and the other for physical security, illustrate some common situations where a business case is built to justify an expenditure on threat intelligence.
Information Security Case: Preventing Counterfeits
Your security team must protect your organization from intentional or inadvertent exposure of sensitive product intellectual property data online. While this is self-explanatory to a security team, tying it back to a business objective may not be as clear.
In this case, the business objective is to prevent knockoffs from diverting revenue from the organization. If plans, blueprints, specifications, or other technical data leak before the physical product is available, it could speed up how quickly knockoff products are released. Thus, any intelligence capability that could help prevent, monitor for, or respond to and remediate such losses of sensitive data could be justified on the basis of protecting that “knockoff free” revenue window.
Here is what a budget justification model might look like for any technology, tool, or resource that can reduce the risk of a “jump start” to the counterfeiting process.
Based on this model that only one product is released per year, it is clear that any capability with the potential to prevent or delay the counterfeiting process by even a few days or weeks may well be worth a modest expenditure. If the company were to release more items more often, this case can be multiplied many-fold.
Physical Security Case: Preventing Business Disruption
Let’s apply the same principles to the physical security for a brick-and-mortar retailer. In addition to employee and customer safety, which are security priorities in their own right, there are business drivers that can help justify the costs of a threat intelligence capability.
For example, any disruption or protest activity at company retail locations can temporarily stop sales and prevent access to the property, thereby directly impacting revenue. Such events also incur public relations costs, consume management time, and generally create a distraction for everyone involved. Disruptions can also create a negative customer experience that will reduce store traffic and sales long after the event itself has passed.
Many of these types of disruptions are organized, discussed, or planned online via forums, social media, and activist web sites, so intelligence collected from these sources may provide early indications and warnings that allow the prevention or mitigation of such planned activity.
Below is a sample budget justification model for procuring a tool, capability, or service that allows for efficient, cost-effective gathering of relevant, actionable intelligence from social media, blogs, websites, and forums. This uses real numbers based on a retail chain that was recently involved in a highly-controversial set of court cases and political discussions.
This model does not factor in the impact of any future sales lost after the event due to negative customer experience or bad press. It addresses only the value of store traffic prevented during the course of the event itself.
If a threat intelligence capability or tool can help provide the early indications and warnings that might allow an organization to prevent potential threats, whether physical or online, then there is clearly a justification for some expenditure for such a capability that provides this protection.
When you make the business case for threat intelligence, establishing regular, meaningful executive-level reporting is critical to garner ongoing support for the expense.