Situation
A large financial institution was interested in better
understanding the relative contribution being made by each of its
corporate security functions compared to their cost. This
knowledge would allow it to make better resource allocation decisions
and address the upcoming budget process from an enterprise benefit
point of view. Bellwether was invited to facilitate a process whereby
the function heads could participate together, provide information and
jointly determine the outcome.
Approach
Security incident and event information was analyzed to understand how
frequently incidents occurred at each level of severity to the company. The
incident data was aggregated into a manageable set of threat
categories. Incidents in each category were then sampled to
ascertain their cost to the company, and this was used to estimate the
benefit attributable to their mitigation. From a departmental
perspective, approximately 10 key security functions were selected and
their annual costs ascertained with overhead and corporate burden
included. Benefits were then allocated to each function by use of an
exponentially driven threat-mitigation matrix and compared to cost.
Each was then mapped graphically according to relative contribution.
Analysis & Results
Results indicated that the corporate security department
overall was a significant contributor to the company’s
profitability in relation to its expense. However, its component
functions displayed very different characteristics with respect to
their ratios of attributed benefit to actual cost. Older, more
traditional functions, such as access control, had much higher costs
associated with them relative to their attributed benefit, whereas
newer threats, typically of a digital nature, had the propensity
to do much more harm but had far fewer resources allocated for their
mitigation. The analysis clearly made the case for additional
investment and indicated areas of priority.
Benefits to Client
The company was better able to consider additional investment in threat
mitigation programs and compare it to alternative uses of funds
within the enterprise. Equally important, it was clear what the
resource allocation priorities were within the corporate security
group. Even if additional funding did not materialize, the
reallocation of resources within the group would increase the aggregate
benefit to the company. This finding confirmed the importance of
an existing initiative that improved capacity utilization across the
group. Several significant opportunities to improve enterprise
benefit were uncovered as a result of this process and analytic
methodology.