Threat Intelligence Blog

Posted December 18, 2014

Eric Olson, VP of Product Strategy, and James Carnall, VP of our Cyber Intelligence Division, recently hosted a webinar on Making the Business Case for Threat Intelligence. Here are some of the highlights:

A Working Definition of Threat Intelligence


What’s Driving the Increased Need for Threat Intelligence?

The growth of risks and sources for those risks is making effective threat intelligence increasingly vital. Unlike other industries, old threat vectors never really disappear, so it’s critical for organizations to monitor both beyond and within the perimeter.


Aligning with Business Objectives

Forrester Research recently said that “Executives make investment decisions when regulatory compliance compels them to do so, or when it directly contributes to the bottom line.” Therefore, when preparing the business case for a new threat intelligence solution, it’s crucial to ensure your request aligns with business objectives or goals.


So when speaking in those business terms, remember that in most organizations, there are a few key things management cares about: revenue, risk, time, and regulatory compliance.


Building Your Case

Although business cases are very unique to each company, there are at least some elements that we can talk about and share ideas.


One useful framework is to “T.E.S.T.” your readiness. This will ensure clarity of purpose and help identify specific budget needs. 

T= Tools


Next, Map Out Specific Resource Needs

By defining your objectives, and therefore your intelligence needs and mission activities, your budget requirements become much clearer. You may need to:

  • Assess tools and services to identify gaps, price out options
  • Evaluate internal talent and scope out hires and costs
  • Determine training and development needs
  • Lay out speed/cost tradeoffs
  • Define roles & responsibilities

Also keep in mind that no budget request is purely mathematical. Organizations have cultures, dynamics and politics that factor into success.

Information Security Case Study

In this example, the security team’s concern is the intentional or inadvertent exposure of sensitive product IP data online.

Potential business benefits:

  • Reduced exposure of competitive intelligence
  • Delayed introduction of knockoffs
  • Reduced risk of disruption, reputational damage and/or penalties

Potential bases for a business case:

  • Value of a point of market share
  • Revenue loss based on experience or industry data for counterfeiting
  • Quantification of risks and penalties


In this example, we see that the potential value of each week counterfeiting is accelerated or delayed could be nearly $700,000.


Physical Security Case Study

In this Physical Security example, the security team’s concern is safety due to disruptions and protests at company retail locations.

Potential business benefits:

  • Mitigation of disruptions, safeguarding current and future revenue
  • Reduced risk of legal and PR costs, reputational damage

Potential bases for a business case:

  • Value of per-store, per-hour sales
  • Quantification of previous PR costs associated with similar events


In this example, the total impact of a single physical disruption event could be nearly $100,000.

Final Tips

  • Be sure your data is complete as possible
  • Make projections into the future but document your assumptions
  • Wherever possible, use company data first, industry data second, guesses third
  • Don’t be married to financials or estimates – they are always wrong
  • Know your corporate executives and culture
  • If possible, get buy in from Finance before your sales pitch

If you’d like to watch the webinar in its entirety, it’s available on demand here.

Additional Posts

Cyveillance Weekly Trends Report–December 23, 2014

Welcome to the Cyveillance Weekly Trends Report Since threat intelligence is constantly evolving, ...

Pick a Strategy for Dealing with BIND Vulnerabilities

It’s well known that DNS servers and protocols were first designed decades ago without security ...