Summary: The video discusses the revolutionary concept of Return on Mitigation (ROM) in cybersecurity, presenting it as an alternative to traditional Return on Investment (ROI) calculations. It explains how ROM quantifies the financial value of cybersecurity by measuring mitigated losses rather than revenue generation. The presentation highlights research conducted over several months with cybersecurity professionals, showcasing a ROM calculator for practical applications, and emphasizing the importance of reframing cybersecurity investments as essential to business success.
Keypoints:
- The presentation is titled “Beyond ROI: Unlocking the Financial Value of Cybersecurity with Return on Mitigation.”
- Luke Stevens, also known as Hack Luke, introduces himself as a cybersecurity consultant with extensive experience in penetration testing and bug bounty hunting.
- NZ, a product marketing lead in cybersecurity, has over a decade of experience and emphasizes the need for the ROM framework.
- The ROM framework aims to address the challenges of traditional ROI calculations in cybersecurity, which often misrepresent cybersecurity as a cost center.
- Over 500 cybersecurity professionals were surveyed to gather insights for the ROM research paper, which outlines the framework’s real-world applications.
- The agenda includes reframing ROI challenges, diving into ROM, discussing practical examples, demonstrating the ROM calculator, and inviting audience feedback.
- ROM quantifies mitigated losses as a financial measurement, offering a more accurate justification for cybersecurity investments.
- Real-world examples show how companies can achieve significant ROI calculations by preventing potential losses through cybersecurity measures.
- The ROM calculator allows organizations to analyze their vulnerabilities and estimate the financial impact of mitigating actions.
- The presentation discusses the challenges of justifying cybersecurity investments to non-technical stakeholders by focusing on aligning investments with business objectives.
- The ROM framework enables security teams to prioritize initiatives, compare investment options, and effectively communicate with executives and board members.
- Automated features in the ROM calculator enhance efficiency in deriving insights and sharing reports with relevant stakeholders.
- The goal is to standardize ROM across the industry to facilitate better investment discussions related to cybersecurity.
YouTube Video: https://www.youtube.com/watch?v=CbiiKnQXGyY
YouTube Channel: HackerOne
Video Published: Tue, 18 Mar 2025 17:24:31 +0000