Table of Contents
- New IDC White Paper Reports Findings by Qualys Customers
- Using the Right Language with Your Leadership
- Two Languages of Risk
- C-Suite Soundbites for Business Value of Qualys
- Total Value
- Staff Time Efficiency
- Risk Reduction
- Security Staff Key Performance Indicators
- Learn More: Read the IDC Whitepaper
New IDC White Paper Reports Findings by Qualys Customers
As a cybersecurity leader, you may struggle to help your C-suite see the business value of what your team does. Forget “speeds and feeds”; key decision-makers are solely focused on The Numbers. While reports from most security tools excel at spewing out numbers, their technology-focused integers rarely address the nuts and bolts of managing corporate finance and business risk.
To help you with this challenge, Qualys commissioned IDC to conduct a business value deep dive with several of our enterprise customers in various industry sectors. The goal is to reveal how Qualys customers perceive business value. Based on the resulting research in the IDC White Paper, The Business Value of Qualys, IDC describes three fundamental numbers that will help you frame the business value of using the Qualys Enterprise TruRisk Platform with your c-suite:
- Average Annual Benefit: $102,000 per 1,000 internal users
- 3-year Return on Investment: 403% or $5.1 million per year
- Payback Period: 5 months
IDC found these business value metrics were enabled by three Qualys capabilities. The first is boosting the overall efficiency of security teams with faster detection and response to threats. The second is enabling greater productivity for IT infrastructure, DevOps, and compliance teams. The third is significantly lowering trouble incidents such as security breaches, unplanned application downtime, and fines for non-compliance. Let’s take a closer look at how these findings apply.
Using the Right Language with Your Leadership
The urgency of having a strong cybersecurity posture is well understood. It’s the constant news of cyber breaches that keeps board members and executives up at night. With cyber threats, the entire business is at stake, and the stakeholders fret about whether their organization’s defenses can manage the risk. As a security leader, one of your roles is helping stakeholders understand that risk is under control – or at least in the process of significant reduction.
It’s an easy mistake for a security leader to speak to stakeholders in security lingo – using industry terminology for arcane solutions and processes that are second nature to you but gibberish to corporate finance and risk management.
For example, the top of the figure below shows six major concepts used to describe the reduction of cyber risk with the Qualys Enterprise TruRisk Platform. These are terms you hear in the industry and see in marketing collateral and on our website. The bottom part shows how you can describe these concepts in business terms. Using business-friendly language is vital for connecting with the leadership, including CFOs, CISOs, and CIOs.
Two Languages of Risk
C-Suite Soundbites for Business Value of Qualys
The following are six number-focused soundbites to help you describe the business value of Qualys Enterprise TruRisk Platform to your leadership. All are discoveries made by IDC analysts as they explored how Qualys customers perceive business value from the platform. Each supports the three top business value points noted in this blog’s introduction and is detailed in the IDC White Paper, The Business Value of Qualys.
IDC discovered Qualys users get a return on investment (ROI) of 403%. This is money returned in two ways. There is a lower total cost of investment (TCO) achieved by eliminating point solutions that are integrated with the Qualys Enterprise TruRisk Platform. ROI is also achieved by reducing manual processes with streamlined workflows and automation enabled by the platform. As they say, “Time is money” – especially the fixed costs of labor.
Payback is how quickly you reach a net dollar zero cost/benefit of the initial investment in Qualys. Payback for the Qualys Enterprise TruRisk Platform is five months. This accelerated timeline occurs with the platform approach using three or more integrated solutions. Platform adoption by multiple teams streamlines workflows across departmental boundaries such as IT, security, and compliance.
Total value is ROI plus related qualitative value from investing in the Qualys Enterprise TruRisk Platform. IDC reports Qualys customers interviewed for its study are each getting a total value of $5.1 million per year. This return climbs exponentially over time and as additional integrated solutions are added to the platform by customers.
Staff Time Efficiency
A primary enabler of staff time efficiency is operationalizing SecOps with the Qualys Enterprise TruRisk Platform. IDC reports Qualys users are achieving 24% more efficiency by security teams. Mean time to repair (MTTR) improved up to 50% with bidirectional integrations of ITSM and CMDB tools. An improved four-hour mean time to discover (MTTD) was six times faster than competitive platforms with less than 24-hour response for critical CVEs. The platform enabled two-second visibility across a hybrid infrastructure.
The benefits of risk reduction have three primary sources, according to Qualys customers interviewed by IDC. These include 65% fewer unplanned application outages, a 66% improvement in quicker resolution of outages, and a 24% reduction in fines for non-compliance. Unplanned outages are avoided with proactive security measures guided by 25+ threat intelligence sources and Qualys Threat Research findings and the platform’s ability to see all external-facing assets for stronger supply chain security. Faster resolution of outages is achieved with the platform’s bi-directional data flows between tools and an 89% observed improvement in patching. Better compliance is achieved with 86% coverage of MITRE ATT&CK guidance and support and reporting for 850 policies, 20,000 controls, and 100 regulations.
Security Staff Key Performance Indicators
Three KPIs for security staff were improved with Qualys Enterprise TruRisk Platform, according to IDC’s study. Staff were 56% more effective at proactively detecting threats thanks to the platform’s growing database of 85,000+ CVEs. Staff were 40% more efficient in responding to potential threats. Better efficiency was helped by reducing up to 85% of vulnerabilities due to risk-based prioritization and the use of the platform’s automated workflow logic with scripts. Staff were 37% more efficient with patching, closing tickets 60% faster – including remediation of vulnerabilities in custom first-party software.
Learn More: Read the IDC Whitepaper
The IDC White Paper concluded: “Service providers like Qualys are stepping up to the plate with greater capabilities that enable cybersecurity teams to raise the bar on overall risk management across the breadth of the IT estate.” To further help you engage in meaningful communication with your leadership about the business value of Qualys, I invite you to download the IDC whitepaper for more insights, along with many quotes by security leaders like you who use Qualys.
Download the IDC whitepaper for more insights
IDC White Paper, sponsored by Qualys, The Business Value of Qualys, #US51057523, November 2023