How to build a business case for Endpoint Security


Bottom line: Endpoint security business cases do much more than just quantify costs and benefits; They discover loopholes in the endpoint and cyber protection that need urgent attention to prevent a breach.

Bad actors and hackers prefer to attack threat surfaces that are isolated, vulnerable with outdated security patches, but integrated into a corporate network to provide access. For these reasons and more, endpoints are now the popular choice for hacking attempts. The Ponemon Institute’s third annual study on the state of endpoint security risk published in January this year found that 68% of organizations were victims of successful endpoint attacks in 2019 that compromised data assets and infrastructure of you. Since 2017, successful final attacks have skyrocketed by 26 percent. The Ponemon study also found that the typical organization takes 97 days to test and deploy patches on each endpoint. When the average endpoint is three months late on updates, it’s understandable why violations are on the rise. In 2019, the average breach of the endpoint inflicted $ 8.94 million in losses. The following graph compares the increasing number of violations and economic losses in the last three years:

Exploring the many benefits of Endpoint Security

Think about building a business case for endpoint security like the checkup each company needs to examine and identify how each threat surface can be improved. Just as all efforts to preserve each person’s health are priceless today, organizations cannot let their guard down when it comes to maintaining the security of strong endpoints.

The economic consequences of COVID-19 are strongly affecting IT budgets. That is why now is the time to create a business case for endpoint security. CIOs and CISOs have to make budget cuts due to low income. However, one area that no one wants to commit to is allowing endpoint agents to degrade over time. The Absolute Software Endpoint Security Trend Report found that the more complex and layered the endpoint protection is, the greater the risk of a breach. Overloading each endpoint with multiple agents is counterproductive and leaves the endpoints less secure than if fewer agents were installed. In addition, Absolute has just launched a Remote Learning and Remote Work Information Center, which provides information on the impact of COVID-19 on IT and security controls. An example of the board shown below:

Business Case benefits must apply to IT and operations

The Absolute and Ponemon studies suggest that autonomous endpoints are the future of endpoint security. Enabling security at the endpoint and having an indelible connection for each device solves many of the challenges faced by the IT and Operations teams of each company. And with the urgency to make IT and operations as virtual as possible with budgets affected by the economic consequences of COVID-19, team leaders in each area are focusing on the following shared challenges. COVID-19’s quarantine requirements make hybrid workforces appear instantly and cause the budgets needed to support them to disappear at the same time. The following are the shared benefits for IT and Operations that need to anchor any endpoint security business case:

  • The most pressing need is increased efficiency of the IT help desk. While this is primarily an IT metric, the unavailability of real-time resources is slowing down Remote Operations teams to get their work done.
  • Both IT and Operations share asset utilization, loss reduction, and life cycle optimization ownership in many organizations today. Having a persistent and indelible connection to each device at the hardware level is proving to be an effective IT approach, and operations teams are confident in tracking and improving these metrics. Absolute and Ponemon studies suggest that the stronger the endpoint, the better the efficiency of the assets and the optimization of the life cycle. Autonomous endpoints can self-heal and regenerate themselves, further enhancing shared metric performance for IT and operations.
  • The more autonomous endpoints an organization has, the faster Operations and IT can work together to pivot towards new business models that require virtual operations. Education, healthcare, financial services, government and professional services are moving to hybrid remote workplaces and virtual operations as fast as they can. Using the business rationale for endpoint security as a roadmap to see where threat surfaces need to be improved for new growth is key.

Endpoint security benefits

The following are the benefits to be included in creating a business case for endpoint security:

  • Reduce and eventually eliminate delays from the IT help desk by keeping endpoints up to date. Reducing the volume of calls at IT helpdesks can potentially save more than $ 45K a year, assuming that a typical call takes 10 minutes and the cumulative time savings of 1,260 hours saved by the IT help desk annually.
  • Reduce disruptions to security operations personnel and emergency security projects that require IT time to run analytical reports and analytics. Solving complex endpoint security problems burns thousands of dollars and hours for a year between Security, IT, and Operations. Having a persistent and unbreakable connection to each endpoint provides the device visibility teams need to troubleshoot. Assuming that the 2,520 hours that only IT security teams spend on emergency endpoint security issues could be reduced, organizations could save approximately $ 130K a year.
  • Self-contained endpoints with an indelible strap improve compliance, control and visibility, and are a must-have in the new hybrid remote workplace. For endpoint security to extend across every threat surface, an indelible strap is required for each device for scalable remote work and hybrid remote work programs in the enterprise. They also help reduce compliance costs and improve all aspects of asset management by keeping applications up-to-date to ensure that autonomous endpoints can continue to self-heal.
  • Reducing IT asset loss, knowing the asset utilization, and the system-level software installed by each device can save a typical organization more than $ 300K a year. Autonomous endpoints that can heal themselves and provide a consistent hardware connection deliver real-time data for precise management of IT assets and the security data teams they need to keep software configurations up-to-date. It is invaluable for IT teams to have this level of data, as it prevents endpoint patches from conflicting with each other and leaving an endpoint vulnerable to violation.
  • Accurate asset life planning based on robust data from each device is made possible. Having autonomous endpoints based on a hardware connection provides the data needed to increase the accuracy of asset lifecycle planning and resource allocation, giving IT and Operations the visibility they need at the device level. IT and Operations teams are looking to see how they can extend the life cycle of each device in the field. Cost savings vary based on the number of devices in the field and their specific software configurations. The time savings are only about $ 140K per year at a medium-sized financial services company.
  • The more autonomous and connected an endpoint is, the more automated audit and compliance reporting can be. A key part of compliance is automating the audit process to save valuable time. The Health Insurance Responsibility and Portability Act (HIPAA), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS) require continuous audits. The time and cost savings of automation audits by organizations vary significantly. It is a reasonable assumption to budget for at least $ 67K per year savings in audit preparation costs alone.

Endpoint Security Cost Assessment

The following are the endpoint security costs to be included in the business case:

  • Annual endpoint security license costs, often multi-year. Endpoint security providers vary significantly in their pricing, cost, and rate models. Standalone endpoint security platforms can range in license costs from $ 750K to over $ 1.2M, depending on the size of the organization and the number of devices.
  • Change management, deployment, and integration costs increase with the complexity of integrating IT security, operations, and IT service management (ITSM). Expect to see an average price of between $ 40K and over $ 100K to integrate endpoint security platforms with ITSM and existing security information and event management (SIEM) systems.

Create a compelling business case for Endpoint Security

The best endpoint security business cases provide a 360-degree view of costs, benefits, and why action is needed now.

Knowing the upfront costs of software and services to acquire and integrate endpoint security across your organization, the costs of training and change management, and ongoing support costs are essential. Many include the following equation in their business cases to provide an estimate of ROI. The return on investment (ROI) for the endpoint security initiative is calculated as follows:

ROI in Endpoint Security (ES) = (ES Initiative Benefits – ES Initiative Costs) / ES Initiative Costs x 100.

A financial services company recently calculated that its annual benefits from the ES initiative will be $ 475,000, and the costs, $ 65,000, will generate a net return of $ 6.30 for every $ 1 invested.

Additional factors to consider when creating a business case for endpoint security:

  • Penalties for noncompliance with industry-specific laws can be quite high, with repeated offenses leading to fines of $ 1M or more and long-term loss of customer trust and income. The creation of a business case for endpoint security should take into account potential non-compliance fees and penalties that companies face for not having autonomous endpoint security. The Health Insurance Responsibility and Portability Act (HIPAA), the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), the Consumer Privacy Act of California (CCPA) and other laws require audit reports based on accurate endpoint security data.
  • Endpoint Security ROI estimates fluctuate, and it’s best to start with a pilot to capture live data with budgets available at the end of a quarter. Typically, organizations will allocate the remaining amounts of IT security budgets at the end of a quarter to endpoint security initiatives.
  • Briefly define the benefits and costs and get C-level support to streamline the funding process. CISOs are often the most motivated to achieve greater endpoint security as quickly as possible. Today, with all companies having all of their virtual workforces, there is a greater urgency to achieve endpoint security.
  • Define and measure the progress of endpoint security initiatives using a digitally enabled dashboard that can be shared on any device, anytime. Allowing everyone who supports and participates in endpoint security initiatives needs to know what success is like. Having a digitally enabled dashboard that clearly shows each goal or objective and the company’s progress towards them is critical to success.


The tough economic reboot created by COVID-19 has put many IT budgets in freefall at a time when CIOs and CISOs need more funds to protect the proliferation of hybrid remote workforces. Endpoint security business cases need to consider how they can create an indelible rugged defense for every device in their global fleets. And just as every nation on the planet is not letting down its guard against the COVID-19 virus, all IT and cybersecurity teams cannot disappoint others when it comes to protecting every endpoint.

Autonomous endpoints that can heal and regenerate operating systems and configurations are the future of endpoint security management. The race to be a completely virtual company is underway, and the most autonomous endpoints can be, more profitable and valuable than they are. The best business cases bridge the gap between IT and operations needs. CIOs need endpoint security solutions to be low cost, low maintenance, reliable and agile. Operations want an endpoint solution that has low support cost, minimal or no impact from IT service helpdesks, and always-on monitoring. Developing a business case for endpoint security gives IT and Operations the information they need to protect the constantly changing parameters of their business.