
Have you ever been told that your security measures are too expensive? Or found it hard to explain to your management what the consequences of an incident could be? Proving that investing in security is worthwhile is tough, but our Return on Security Investment (ROSI) calculator can help you. It’s completely free.

Return on Security Investment is defined as: ROSI = monetary risk mitigation − cost of control. A security investment is therefore judged profitable if its risk mitigation effect is greater than its expected cost. (Source: Christian Locher, Methodologies for evaluating information security investments, 2005.)

Following that definition, here is how our ROSI calculator performs the Return on Security Investment analysis:

  • Step #1 – it calculates the expected cost of an incident, taking into account all the relevant costs that would arise if the incident occurs and the probability of its occurrence.
  • Step #2 – it calculates the cost of the security measure(s)/control(s) and the level to which the risk of this incident would decrease because of that mitigation.
  • The final result (after Step #2) shows whether the gain (the risk decrease) is higher than the required investment (the security measures/controls).
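
As an added worked example (not the calculator's own code), the steps above carried through in Python for one incident and two candidate controls: the cost components, the annual probability and the control figures are constructed for illustration, and the risk decrease is modelled as a fraction in [0, 1], an assumption the page does not spell out.

```python
"""Added ROSI example; not Advisera's calculator code.

Assumptions (not from the page): the incident cost is the sum of itemized
cost components, the probability is an annual likelihood in [0, 1], and a
control's effect is a risk-reduction fraction in [0, 1]."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float      # cost of the security measure/control
    risk_reduction: float   # fraction by which the incident risk decreases


def incident_cost(costs: dict[str, float], probability: float) -> float:
    """Step 1: expected cost = sum of all relevant costs x probability."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be between 0 and 1")
    return sum(costs.values()) * probability


def rosi(expected_cost: float, control: Control) -> float:
    """Steps 2 and 3: ROSI = monetary risk mitigation - cost of control."""
    if not 0.0 <= control.risk_reduction <= 1.0:
        raise ValueError("risk_reduction must be between 0 and 1")
    mitigation = expected_cost * control.risk_reduction
    return mitigation - control.annual_cost


def rank_controls(costs, probability, controls):
    """Return (name, ROSI, profitable?) per control, best ROSI first."""
    expected = incident_cost(costs, probability)
    rows = []
    for c in controls:
        value = rosi(expected, c)
        rows.append((c.name, value, value > 0))   # profitable iff ROSI > 0
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample figures (illustrative only, not real data).
INCIDENT_COSTS = {"downtime": 120_000.0, "forensics": 30_000.0, "fines": 50_000.0}
PROBABILITY = 0.25   # roughly one such incident every four years
CONTROLS = [
    Control("offsite backups", annual_cost=15_000.0, risk_reduction=0.60),
    Control("premium DLP suite", annual_cost=60_000.0, risk_reduction=0.80),
]

if __name__ == "__main__":
    for name, value, ok in rank_controls(INCIDENT_COSTS, PROBABILITY, CONTROLS):
        print(f"{name:20s} ROSI = {value:>10,.2f}  {'profitable' if ok else 'not profitable'}")
```

With these figures the expected incident cost is 50,000, so the cheaper control with a 60% risk decrease yields a positive ROSI while the more expensive one does not, which is the comparison the calculator's final step makes.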

To learn more about the methodology used in this calculator, read this article: Is it possible to calculate the Return on Security Investment (ROSI)?



Dejan Kosutic
Lead ISO 27001/ISO 22301 expert

