
Have you ever faced a situation where you have been told that your security measures are too expensive? Or you find it very difficult to explain to your management what the consequences could be if an incident occurs? Proving that it is worth investing in security is tough, but our Return on Security Investment (ROSI) calculator can help you. It’s completely free.

The definition of Return on Security Investment is the following: ROSI = monetary risk mitigation − cost of control. Therefore, a security investment is judged to be profitable if the risk mitigation effect is greater than the expected costs. (Source: Christian Locher, Methodologies for evaluating information security investments, 2005).

Following that definition, here is how our ROSI calculator performs the Return on Security Investment analysis:

  • Step #1 – it calculates the cost of an incident by taking into account all the relevant costs if an incident occurs and the probability of incident occurrence.
  • Step #2 – it calculates the cost of security measure(s)/control(s), and the level to which the risk of this incident would decrease because of such mitigation.
  • The final result (after Step #2) is the calculation of whether the gain (the risk decrease) is higher than the needed investment (security measures/controls).
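The two steps above, carried through in code as an added example (this is not the calculator's own code; the figures are constructed, and it assumes a one-year period and that a control's risk reduction applies as a fraction of the incident's expected loss):

```python
# Added example: Return on Security Investment following the definition on this page,
#   ROSI = monetary risk mitigation - cost of control.
# Assumptions (not stated by the page): probability and control cost refer to the
# same period (one year), and a control's risk reduction is a fraction in [0, 1]
# applied to the incident's expected loss. All sample figures are constructed.

from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Incident:
    name: str
    cost_if_occurs: float   # all relevant costs of one occurrence
    probability: float      # probability of occurrence in the period (assumed: one year)


@dataclass(frozen=True)
class Control:
    name: str
    cost: float             # cost of the control over the same period
    risk_reduction: float   # fraction by which the incident's risk decreases (0..1)


def expected_loss(incident: Incident) -> float:
    """Step 1: cost of the incident weighted by its probability of occurrence."""
    if not 0.0 <= incident.probability <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    return incident.cost_if_occurs * incident.probability


def risk_mitigation(incident: Incident, control: Control) -> float:
    """Step 2: monetary value of the risk decrease the control delivers."""
    if not 0.0 <= control.risk_reduction <= 1.0:
        raise ValueError("risk_reduction must be in [0, 1]")
    return expected_loss(incident) * control.risk_reduction


def rosi(incident: Incident, control: Control) -> float:
    """ROSI = monetary risk mitigation - cost of control; positive means the
    risk decrease outweighs the investment."""
    return risk_mitigation(incident, control) - control.cost


def rank_controls(incident: Incident, controls: Iterable[Control]) -> List[Control]:
    """Order candidate controls by ROSI, best first, so the comparison can be
    shown to management as a single table."""
    return sorted(controls, key=lambda c: rosi(incident, c), reverse=True)


# Constructed sample scenario (hypothetical figures).
RANSOMWARE = Incident("ransomware outbreak", cost_if_occurs=500_000.0, probability=0.2)
CANDIDATES = [
    Control("offline backups", cost=15_000.0, risk_reduction=0.6),
    Control("endpoint detection", cost=40_000.0, risk_reduction=0.5),
    Control("full network rebuild", cost=120_000.0, risk_reduction=0.9),
]

if __name__ == "__main__":
    print(f"expected loss: {expected_loss(RANSOMWARE):,.0f}")
    for c in rank_controls(RANSOMWARE, CANDIDATES):
        print(f"{c.name:22s} mitigation {risk_mitigation(RANSOMWARE, c):>9,.0f}"
              f"  cost {c.cost:>9,.0f}  ROSI {rosi(RANSOMWARE, c):>9,.0f}")
```

The ranking is the useful part: the control with the largest risk reduction ("full network rebuild") has a negative ROSI because its cost exceeds the risk it removes, while the cheapest control comes out on top. A control is only worth adding to the list if its cost and its reduction are both estimated on the same period as the incident probability.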

To learn more about the methodology used in this calculator, read this article: Is it possible to calculate the Return on Security Investment (ROSI)?

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what your rights are, see this Privacy Notice.


Dejan Kosutic
Lead ISO 27001/ISO 22301 expert

