NEW YORK -- "You can't prove a negative" is a phrase that's often quoted during any discussion of the ROI of data security solutions. The idea is that the best possible return on security investments is absolutely nothing: no hack attacks, no virus infestations, no exposed data, no employee malfeasance.
But companies are no longer content to accept "nothing" as a valid statistic. Many want to accurately quantify their return on data security investments (RODSI), according to a study that Protegrity, a leading provider of data security management solutions, conducted among visitors to its booth at this year's RSA Conference 2007.
The study also revealed that national and state privacy laws are the main driver of most companies' data security plans in 2007, with Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS) compliance both coming in a close second.
Additionally, RSA attendees estimated that the cost of a publicly reportable security breach could easily top ten million dollars, with many breaches costing between $4-10 million to remediate.
Over three-quarters of respondents to the survey stated that they are or have been asked to calculate RODSI, and some were struggling to come up with a usable formula with which to perform the analysis.