
How to calculate your AI-powered cybersecurity’s ROI

Imagine this scenario: A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence (AI) that closely mimic the company’s internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes.

The organization’s AI-powered cybersecurity solution, which continuously monitors network traffic and user behavior, detects several anomalies associated with the attack, blocks access to the suspicious domains across the network, quarantines the phishing emails, resets passwords for all potentially compromised accounts and sends real-time alerts to the security operations center, providing detailed information about the attack vector and affected systems.

Using predictive analytics, the AI suggests potential next steps the attackers might take, allowing the security team to strengthen defenses in those areas proactively.

The good guys won. But was the AI solution worth the price? What’s the value in dollars of that victory? It’s easy to measure the investment in AI. But how do you measure the return on that investment? Specifically, how do you measure the value of data never stolen, unknown reputational damage that never happened, customer trust never lost or reduced operational risks never incurred?

The rise of AI cybersecurity

To be sure, cybersecurity AI spending is set to increase dramatically. Organizations spent $24 billion in 2023, with an expected rise to $133 billion by 2030. Cybersecurity professionals and the companies they work for will increasingly rely on advanced AI solutions as threats grow and the cost of data breaches also rises.

The challenging nature of cybersecurity ROI is compounded by many other factors — dozens, hundreds or thousands of attempted cyberattacks per year per organization; the lack of universally accepted metrics or calculations for cybersecurity ROI; the long payback period for investments in cybersecurity AI; the fast-changing nature of the threat landscape; the fact that cybersecurity investments also touch areas like operational efficiency, regulatory compliance and others.

Historically, organizations calculated ROI in cybersecurity investments by estimating money saved in the absence of security incidents. But that fails to account for proactive security measures, efficiency gains in operations and the overall security posture. With the integration of AI, cybersecurity has fundamentally changed, offering enhanced threat detection and prevention capabilities beyond simply measuring the absence of incidents.

A proactive approach and improved operational efficiency through task automation provide tangible benefits not captured in traditional ROI calculations.


New metrics for ROI calculation

The use of AI tools has transformed the typical cybersecurity ROI calculation, introducing several quantifiable metrics:

These metrics offer a more comprehensive view of the value derived from AI-powered cybersecurity investments, enabling organizations to make more informed decisions about resource allocation and strategic planning.

Cost savings can also be measured in the aggregate. According to the IBM 2024 Cost of a Data Breach report, organizations extensively using security AI and automation in prevention workflows saved an average of $2.2 million in breach costs compared to those without such technologies.

Still, measuring AI cybersecurity ROI comes with challenges, including difficulty attributing prevented incidents directly to AI, the constantly evolving threat landscape and balancing initial investment costs with long-term benefits.

Taking a holistic approach to cybersecurity AI ROI

Organizations can leverage established frameworks, such as the NIST Cybersecurity Framework, to measure and communicate AI’s ROI in cybersecurity. By aligning AI initiatives with the framework’s core functions, organizations can more accurately measure their impact on overall cybersecurity performance.

To effectively measure the impact of AI on cybersecurity ROI, organizations should focus on specific Key Performance Indicators (KPIs):

  • Mean time to detect
  • Mean time to respond
  • Security operational efficiency
  • Threat intelligence accuracy
  • Compliance adherence rate
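As an added illustration (not code from the article or from IBM), the following Python computes two of the KPIs listed above, mean time to detect and mean time to respond, from a constructed set of incident records and compares one period against a later one, which is the kind of before/after measurement the article recommends. The incident records, their field names and the definitions used (time to detect runs from intrusion start to detection; time to respond runs from detection to containment) are assumptions made for this example.

```python
from datetime import datetime
from statistics import mean

# Constructed incident records (sample data for this example, not real incidents).
# Each record carries ISO-8601 timestamps for when the intrusion began, when it
# was detected, and when it was contained.
BEFORE = [
    {"id": "INC-001", "start": "2024-01-01T00:00:00", "detected": "2024-01-03T00:00:00", "contained": "2024-01-03T12:00:00"},
    {"id": "INC-002", "start": "2024-01-10T06:00:00", "detected": "2024-01-10T18:00:00", "contained": "2024-01-11T00:00:00"},
    {"id": "INC-003", "start": "2024-01-20T00:00:00", "detected": "2024-01-21T12:00:00", "contained": "2024-01-22T00:00:00"},
]
AFTER = [
    {"id": "INC-004", "start": "2024-04-01T00:00:00", "detected": "2024-04-01T02:00:00", "contained": "2024-04-01T03:00:00"},
    {"id": "INC-005", "start": "2024-04-08T09:00:00", "detected": "2024-04-08T13:00:00", "contained": "2024-04-08T15:00:00"},
    {"id": "INC-006", "start": "2024-04-15T00:00:00", "detected": "2024-04-15T06:00:00", "contained": "2024-04-15T09:00:00"},
]


def _hours_between(earlier: str, later: str) -> float:
    """Elapsed hours between two ISO-8601 timestamps; rejects negative intervals."""
    delta = datetime.fromisoformat(later) - datetime.fromisoformat(earlier)
    hours = delta.total_seconds() / 3600
    if hours < 0:
        # A detection logged before the intrusion start is a data-quality error,
        # not a negative KPI, so fail loudly instead of silently skewing the mean.
        raise ValueError(f"timestamps out of order: {earlier} is after {later}")
    return hours


def mean_time_to_detect(incidents) -> float:
    """MTTD in hours: average of (detected - start) across the incidents."""
    if not incidents:
        raise ValueError("no incidents in period")
    return mean(_hours_between(i["start"], i["detected"]) for i in incidents)


def mean_time_to_respond(incidents) -> float:
    """MTTR in hours: average of (contained - detected) across the incidents."""
    if not incidents:
        raise ValueError("no incidents in period")
    return mean(_hours_between(i["detected"], i["contained"]) for i in incidents)


def _reduction_pct(before: float, after: float) -> float:
    """Percentage by which a metric fell from one period to the next."""
    if before == 0:
        return 0.0
    return round((before - after) / before * 100, 1)


def kpi_report(before, after) -> dict:
    """Before/after comparison of MTTD and MTTR with percentage reductions."""
    mttd_b, mttd_a = mean_time_to_detect(before), mean_time_to_detect(after)
    mttr_b, mttr_a = mean_time_to_respond(before), mean_time_to_respond(after)
    return {
        "mttd_before_h": round(mttd_b, 1),
        "mttd_after_h": round(mttd_a, 1),
        "mttd_reduction_pct": _reduction_pct(mttd_b, mttd_a),
        "mttr_before_h": round(mttr_b, 1),
        "mttr_after_h": round(mttr_a, 1),
        "mttr_reduction_pct": _reduction_pct(mttr_b, mttr_a),
    }


if __name__ == "__main__":
    for key, value in kpi_report(BEFORE, AFTER).items():
        print(f"{key:>20}: {value}")
```

The two means are kept as separate functions because they answer different questions: MTTD reflects detection coverage, while MTTR reflects how quickly the team and its automation act once an alert exists. Feeding the same functions with incident records exported from a ticketing or SIEM system gives a repeatable number to track across the regular reviews the article calls for, provided the start and detection timestamps are recorded consistently.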

The best approach is a more comprehensive one: use risk assessment frameworks, measure risk reduction, estimate intangible benefits and regularly review and update the calculations.

Organizations must adopt a holistic approach that considers the proactive capabilities, efficiency gains and quantifiable metrics provided by AI-powered solutions. This comprehensive evaluation allows a more accurate assessment of cybersecurity investments’ true value and impact in today’s complex threat landscape.

Of course, cyberattacks don’t happen randomly or in a vacuum. Take the follow-on consequences of the ongoing cybersecurity skills gap, which can be self-enlarging, according to Sam Hector, senior strategy leader of IBM Security.

“When you don’t have enough skilled experts in monitoring and defending your infrastructure, a few things happen,” Hector said. “The time to triage alerts grows as the queue of incidents to review becomes longer, meaning you’re more likely to be breached, and attackers’ dwell times increase (when they are in your environment undetected) as you’re less likely to find the needle in the haystack. The increasing time to detect directly leads to higher breach costs on average.”

And the problem keeps growing: “Teams that are stretched too thin don’t have the time to devote to improving cybersecurity processes, integration and efficiency,” Hector said. “They’re unable to drill exercises and embark on further training as they’re too focused on keeping the lights on. This means over time, they’re less effective compared to the threat landscape, and misconfigurations and gaps develop that attackers can exploit.”

Hector said persistent attackers are unlikely to go unnoticed by these weakening defenses: “If there’s a specific industry, region or even organization that is known to be struggling to acquire cybersecurity skills, this puts them at increased risk of being targeted by attackers who will be anticipating weaker defenses.”

An ongoing shift in cybersecurity investment

The integration of AI in cybersecurity has fundamentally changed how organizations approach and measure their security investments. By providing more tangible and comprehensive ROI metrics, AI enables organizations to make data-driven decisions about their cybersecurity strategies. As cyber threats continue to evolve, the role of AI in cybersecurity will only grow more critical, making it essential for organizations to invest in — and effectively measure — the impact of these technologies.

The post How to calculate your AI-powered cybersecurity’s ROI appeared first on Security Intelligence.

The 5 most impactful cybersecurity guidelines (and 3 that fell flat)

The best cybersecurity guidelines have made a huge difference in protecting data from theft and compromise, both in the United States and around the world.

These guidelines are comprehensive sets of recommended practices, procedures and principles designed to help organizations and individual people safeguard their digital assets, systems and data from malicious attacks. They can cover a wide range of practices and exist in part to collect and share best practices and strategies based on industry standards and expert knowledge. Crucially, they’re frequently updated to address evolving threats and technological advancements.

Truly effective cybersecurity guidelines serve as a roadmap for maximizing security. They are comprehensive, addressing both technical and organizational aspects. They come with clear governance structures, detailed implementation plans and the flexibility to adapt. And they recognize the importance of the human element, focusing on user empowerment and education rather than assuming and criticizing user ignorance.

However, not all cybersecurity guidelines are created equal. The least effective practices tend to overemphasize technology at the expense of human factors, neglect usability considerations, fail to address operational aspects or lack provisions for continuous assessment and improvement.

Here are the five cybersecurity guidelines that have made the biggest positive impact and three that could use some work.

1. NIST CSF

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is one of the most effective and influential cybersecurity guidelines. One reason for that is that it’s comprehensive and built around five core functions: identify, protect, detect, respond and recover. This structure provides organizations with a holistic view of cybersecurity risk management, ensuring that all critical aspects are addressed.

The NIST CSF evolved over three main iterations: Version 1.0 was initially released in 2014, followed by a minor update to Version 1.1 in 2018 and a major overhaul with Version 2.0 in 2024.

It’s also flexible. Organizations of all sizes and across various sectors can readily adapt the framework to their specific needs, making it widely applicable.

2. ISO 27001

The ISO 27001 standard has made a big difference in global cybersecurity due to its highly systematic approach and emphasis on continuous improvement. It offers a structured methodology for identifying, assessing and treating information security risks. As an internationally recognized standard, ISO 27001 certification is respected across various industries and borders.

3. CIS Controls

The Center for Internet Security (CIS) Controls have become widely adopted as a practical and effective set of cybersecurity guidelines. The guidelines are characterized by prioritized actions, addressing the most critical security measures and helping organizations allocate resources efficiently. The framework’s tiered implementation allows organizations to tailor their strategy based on size and cybersecurity maturity. CIS regularly updates the controls to address emerging threats and evolving best practices.


4. CSA Cloud Controls Matrix

The Cloud Security Alliance (CSA) Cloud Controls Matrix stands out thanks to its cloud-specific focus, addressing the unique security challenges inherent in cloud computing. Its comprehensive coverage spans multiple security domains, including application security, encryption and identity management. The matrix’s interoperability aligns with other major standards and regulations, facilitating compliance across multiple frameworks for organizations.

5. PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) has greatly improved payment card security despite its industry-specific nature. Organizations handling payment card data must comply with PCI DSS, ensuring widespread adoption. The standard offers detailed and actionable requirements for protecting cardholder data. And it regularly evolves to address emerging threats and technologies in the payment card industry.

Some cybersecurity guidelines haven’t made such an impact

Sadly, some cybersecurity guidelines haven’t been received as fondly as the five listed above. Here’s the cybersecurity guidelines Hall of Shame:

The TSA’s initial pipeline directive

In the wake of the Colonial Pipeline cyberattack, the Transportation Security Administration (TSA) issued its initial pipeline security directive, known as Security Directive Pipeline-2021-01, on May 27, 2021.

The directive aimed to enhance cybersecurity measures for pipeline owners and operators across the United States.

The initial directive mandated several key requirements for pipeline companies. It called for the designation of a Cybersecurity Coordinator who would be available 24/7 to respond to incidents and coordinate with government agencies. Additionally, companies were required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 12 hours of detection.

Many cybersecurity experts viewed it as hastily implemented and based on inadequate industry consultation. The directive was too prescriptive in some parts and too vague in others, according to critics. And it was slammed as being too inflexible.

A later revision of the directive addressed many of the industry’s criticisms.

The UN cyber crime treaty

The United Nations finalized and approved a new global cyber crime convention in August, marking a significant milestone in international efforts to combat cyber crime. The treaty is a milestone because it’s the first cyber crime treaty negotiated and accepted by consensus among all UN member states (after three years of negotiations).

But some critics say the treaty would effectively criminalize cybersecurity research, that it’s outdated and overly prescriptive. They say it might actually weaken global cybersecurity.

Draft U.S. cyber reporting rules

The Cybersecurity and Infrastructure Security Agency (CISA) has recently proposed draft rules for cyber incident reporting in the United States, which could impact how critical infrastructure companies report cyberattacks to the federal government.

The draft rules target companies that own or operate systems deemed critical infrastructure by the U.S. government. This includes sectors such as healthcare, energy, manufacturing and financial services. The rules also extend to companies with operations vital to a sector’s functionality, including various service providers.

Some organizations have expressed concern that the reporting requirements may be burdensome (especially to smaller organizations), costly and overlapping with existing requirements.

The National Association of Manufacturers said the rules are overly broad and could affect more than 300,000 entities, casting doubt on whether all target organizations are involved with “critical infrastructure.”

The best cybersecurity guidelines strike the right balance

Cybersecurity guidelines are intended to improve security. And the best ones are vital tools that advance organizations toward that objective. Crafting excellent guidelines requires plentiful industry input, with comprehensive and broad issues covered and plenty of flexibility to allow for different organizational sizes and types.

The post The 5 most impactful cybersecurity guidelines (and 3 that fell flat) appeared first on Security Intelligence.
