September 09, 2024
The ROI of Automated OSINT, Part II: Corporate Security Threat Detection and Investigation
Steve Adams
Product Marketing Manager
Corporate security teams face an ever-expanding juggling act, tasked with protecting their people, assets, and reputation from insider and external threats. These objectives are like a circus juggling act—if any balls are ignored even for a moment, they could come crashing down. As the size and complexity of this act increases, so too does the need for efficient, effective security measures. This is where automated open-source intelligence (OSINT) tools come into play, offering a powerful solution for corporate security teams looking to maximize their impact with existing resources.
So, how can security professionals convey the true value of these tools to their colleagues who control the budget? In this second installment of our ROI series, we'll explore how to quantify the value of an OSINT solution in the context of a Fortune 500 corporate security team responsible for operations like loss prevention, executive protection, insider threat mitigation, and event security. Using a hypothetical example of a large U.S. company, we'll also demonstrate the potential cost of not investing in such a tool.
What is ROI and Why Does it Matter?
As a quick refresher, ROI stands for Return on Investment. When a large organization invests in personnel or tools, it expects that investment to yield more value than its initial expenditure. For corporate security decision-makers, understanding the ROI of OSINT tools means assessing whether the allocated funds will help their teams work more efficiently, minimize security incidents, or reduce potential losses.
Real-World Example: Fortune 500 Company
Let's calculate the ROI of automating OSINT workflows with an example based on a Fortune 500 company's security operations. In this scenario, the company has a dedicated security team of eight analysts operating 24/7/365 to detect threats as well as a dedicated investigator who spends half of their time on OSINT investigations, with the following setup:
Manual OSINT Process:
- Estimated hourly cost of each security analyst and the investigator, including BLS-estimated salary: $53 per hour
- Annual continuous threat detection cost: $880,000 (8 analysts x 2,080 work hours per year x $53 per hour)
- Annual deep dive investigations cost: $55,000 (1,040 hours per year x $53 per hour)
- Total annual manual OSINT cost: $935,000 ($880,000 + $55,000)
Automated OSINT Process:
With an automated tool, the analyst team would passively receive alerts on potential threats without needing to constantly check multiple sources, allowing them to work on other important tasks. All the team has to do now is spend one hour per day reviewing alerts and building out any new search parameters. In-depth investigations can now be completed in only 15 minutes each when using the automated tool, a huge improvement over the four-hour manual time, meaning that the investigator only has to spend one hour per week to complete their four investigations.
- Eight security analysts, each costing $53 per hour
- Five automated OSINT platform seats costing $150,000 per year
- Annual continuous threat detection cost: $15,800 (1 hour per day x 365 days per year x $53 per hour)
- Annual deep dive investigations cost: $2,750 (1 hour per week x 52 weeks per year x $53 per hour)
- Total annual automated OSINT cost: $168,550 ($15,800 + $2,750 + $150,000)
Predicted Savings with Automation:
- Annual cost savings: $766,450 ($935,000 manual cost - $168,550 automated cost)
- Time saved on OSINT: 17,300 hours per year (16,275 analyst hours + 1,025 investigator hours)
Predicted ROI With Automation:
To calculate the company's ROI, we'll use the formula: (Value of Benefits - Cost of Investment) / Cost of Investment
ROI = ($766,450 - $150,000) / $150,000 = 411%
This means that for every dollar invested in the automated OSINT solution, the company would observe a return of $4.11 in cost savings and efficiency gains.
What This Means for Corporate Security Teams
As demonstrated above, the adoption of an automated OSINT platform can lead to significant improvements in both cost efficiency and operational capacity:
- Direct Cost Savings: The company could reduce its annual OSINT-related expenses by 82%, freeing up over $766,000 of value for other critical initiatives
- Efficiency Gains: The time spent on OSINT activities could decrease from 17,680 hours to 378 hours per year, representing a 97% improvement in efficiency
- Increased Capacity: If the team were to reinvest the time saved into additional investigations, they could potentially handle 4,900 investigations per year, up from 208. This represents a staggering 2,256% increase in capacity without increasing headcount
These improvements allow the security team to be more proactive in identifying and mitigating threats, preventing costly security incidents before they impact the business to protect the company’s bottom line.
See the Results for Yourself
Guided by the example above, you can calculate how much time and money your team spends on their OSINT workflows. How much time are you spending on manual processes? And how much time could you save if you switched to an automated method?
No matter what process your team currently relies on, they could do more with an automated one. With industry-leading data sources and AI-driven automation, Skopenow helps corporate security teams make the most of their time and money. Want to see how? Schedule a demo.
Join over 1,500 organizations, including 20% of the Fortune 500, that rely on Skopenow's automated OSINT platform to automatically collect and process relevant publicly available information, make better decisions, and enhance their security posture. Learn more and schedule a personalized demo today at www.skopenow.com/try.