Forrester Total Economic Impact™ Study of Taegis VDR$404K Value and Payback in Less Than 6 Months By: Alexa Levine, Product Marketing
As attack surfaces expand, threat actors who get past perimeters have more places to hide and more assets to potentially compromise. That’s why it’s more important than ever for businesses to take precautions to secure sensitive data and mitigate vulnerabilities. Secureworks® Taegis™ VDR provides a risk-based approach to managing vulnerabilities with actionable recommendations to protect what’s most critical.
“You can’t protect it if you can’t see it. I need visibility to vulnerabilities more frequently than an annual pen test. Secureworks provides those much-needed vulnerability scans for us.”
– Information Security Officer, Pharmaceutical Industry
Secureworks commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) of Secureworks Taegis VDR. Forrester’s TEI report provides business value justification analysis to help organizations understand the financial impact of an investment. Forrester spoke to several existing VDR customers to assess the cost savings, productivity gains, and business benefits Secureworks users experience. The study found a potential ROI of 352% over three years for VDR customers.
The Total Economic Impact methodology consists of four components to evaluate investment value: cost, benefits, flexibility, and risk. Forrester took a multistep approach to evaluate the impact that Taegis VDR can have on an organization. Forrester interviewed customers using VDR in the retail, manufacturing, pharmaceutical, and construction services industries to better understand the benefits, costs, and risks. These customers were looking to overcome key challenges such as chasing vulnerability-management best practices, being unable to keep up with active risks and apply them to their organizations’ environments, and IT operations not accepting patching-action lists.
Forrester designed a composite organization based on the characteristics of the organizations interviewed. Next, Forrester constructed a financial model that is used to present the aggregate financial analysis. The representative interviews and financial analysis found the composite organization experiences benefits of $519,000 over three years versus costs of $115,000, adding up to a net present value (NPV) of $404,000 and an ROI of 352%. They also determined that the payback period (the breakeven point for an investment) is less than six months.
To arrive at the three-year, risk-adjusted present value, Forrester quantified the benefits for the composite organization, including:
- Avoided costs associated with data breaches of $285,600 over three years. By reducing the frequency and severity of cybersecurity attacks, plus prioritizing patching and remediation activities, organizations can avoid costs associated with data breaches.
- Cost savings of $46,000 by deprecating other security software over three years. By consolidating software and services, organizations can lower licensing costs for vulnerability management.
- Security-team labor cost reduction of $69,200 over three years. The security team can spend less time identifying and patching vulnerabilities and more time investigating and responding to threats.
- IT ops labor cost reduction of $106,300 over three years. The IT team can focus on exposures to critical assets and critical pathways rather than patching and remediation activities.
- Resource cost reductions of $11,900 over three years. By identifying resources that can be deprecated or reduced in size, organizations can reduce resource costs.
The total benefits add up to $519,000 over three years.
“With Secureworks we are comfortable that we have done as much as we absolutely can to mitigate threats. We’re in a nice place, even knowing that the bad people continue to get better at being bad. I sleep better now.”
– Global IT Director, Manufacturing Industry
In addition to quantified benefits, Forrester looked at benefits that provide value but cannot be quantified. Some of the unquantified benefits include improved team comfort level and employee satisfaction, increased confidence to the corporate board level, and reduction in penetration testing (pen testing) and remediation that is disruptive to the business. Interviewees shared that Secureworks teams are there for them and that Taegis VDR’s role in cybersecurity protection is well-known throughout their organizations.
Taegis VDR utilizes machine learning to identify not only the vulnerabilities of individual endpoints, web applications, and network devices, but also the vulnerability relationships between these assets. Plus, it provides a prioritized list of assets to patch and remediate that includes the reasoning behind the ratings. The interviewees shared that after investing in Taegis VDR, they saw confidence in their organizations’ vulnerability management processes increase organization wide, from cybersecurity teams and IT operations to corporate executives. Whether an organization is struggling with a large attack surface, disparate tools, or insufficient staff, Secureworks can help by reducing risk, optimizing investments, and closing the cyber skills gap.
Source: The Total Economic Impact™ of Secureworks Taegis™ VDR, a commissioned study conducted by Forrester Consulting on behalf of Secureworks, April 2023.
This study is commissioned by Secureworks and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Taegis VDR.
Secureworks reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Secureworks provided the customer names for the interviews but did not participate in the interviews.