Expert Blog: How Do You Calculate the ROI on Data Protection?

Amanda RegnerusBy Amanda Regnerus, EVP, Product and Services, US Signal.

We all know successful funding requests need to demonstrate a sound Return on Investment (ROI) – especially when making those requests to your board or C-suite. But it can be a struggle to prove ROI in the context of data protection. This article offers a few hints and tips to elevate your pitch and win your case.


Data Loss Consequences: Do You See the Big Picture?

These days, you can’t read an article, attend a webinar or go to a conference without hearing about data protection. Whether it’s data security, data privacy or disaster recovery, someone is always talking about it – and rightly so. It’s a vital prerequisite for doing business in the modern world.

You need to keep your critical data secure, and your clients need to be confident that their information is protected. Depending on the sector in which you operate, there will also be a mix of data protection best practices, directives and legislation to which you will also have to adhere.

Looking at this from an IT standpoint, you can calculate costs by the hour (sometimes by the minute or even the second) of fixing an outage. This typically covers materials, labor and other external services. Calculators that work this out for you – and a range of formulae – are easily found online.

But determining the actual costs of losing that data – or even not having access to it for a short time – can be more difficult. In many cases, IT departments simply don’t have access to the kind of operational data that can give them a more holistic view.

Where should I look for the numbers?

As a starting point, it’s possible to get hold of numbers that will tell you how much it costs for employees to be sat around doing nothing while access to data is restricted or being recovered. You’ll need to get an understanding of their hourly wages (or approximations) from HR.

But what about the revenue that’s lost if sales grind to a halt, orders aren’t processed, products aren’t manufactured, and deliveries aren’t dispatched? Also consider any fees that are incurred due to late payments or failure to meet service level agreements. What about penalties for non-compliance? This is a particular concern in instances where cybercriminals hack corporate and customer data. And it’s often accompanied by employees getting ‘frozen’ out of the network. The European Union, for example, delivers hefty fines if companies that are operating in the region breach customer data regulations. It’s worth finding out about all such potential penalties and also the cost of legal proceedings – which can happen in extreme cases.

Then there’s the question of customer satisfaction. How do you measure customer loss? Most customers don’t care if there’s an outage, and frankly, why should they? It’s not their problem; it’s yours. They just want their product or service. If you can’t deliver, they’ll go elsewhere.

How do you calculate reputational damage to your organization once your data protection-related issue turns up on social media and the criticisms grow? Suddenly you’re losing prospective customers, not just current ones.

Give some thought to the apps and supporting data across your company that you don’t even know about. It’s called ‘shadow IT.’ It may not be officially sanctioned or monitored. Still, it might be helping many of your colleagues work effectively and efficiently. Perhaps consider some network monitoring and discovery software over the long-term to help you work out what’s running on your system. Employees don’t usually talk openly about it – hence, the term ‘shadow IT.’

Finally, don’t forget that although most employees in the organization aren’t getting anything done, your bosses are still paying to keep the lights on and the air conditioner running. They’re still paying the equipment leases, rent and maintenance too.

– read more below the image –

US Signal Data Center
US Signal Data Center

Try Some Broader Outreach

Veeam’s ‘Understanding Your Data Protection ROI for Dummies’ eBook offers some helpful hints too. It suggests that talking with a broad cross-section of technical professionals and operations stakeholders is an effective way to begin assessing the ROI of data protection. Done correctly, it should provide a company-wide view of the impact of disrupted data access – as well as the associated costs.

Information gleaned from these discussions should also help you understand which IT systems, apps, data and processes are critical to core teams across the organization. From there, you can undertake a risk analysis that could look at the likelihood of different events causing downtime. You can use the same data to produce a business impact analysis, which quantifies the potential costs of each event.

A quick search online should help you discover a range of resources to get you started with both exercises. This can be a daunting task, but these three questions from Veeam offer a basis from which to begin:

  • What are your organization’s most pressing areas of concern or vulnerability that should be covered by a data protection strategy?
  • What’s the actual cost of the downtime and data loss problem with the current data protection strategy?
  • What is your organization’s commitment to do better?

The suggestions offered in Veeam’s eBook don’t provide a definitive guide to calculating the ROI of data protection. But they do show you how to gain a more complete understanding of the total associated costs of downtime and data loss. This, in turn, should give you more confidence to make a compelling case ROI of data protection at board-level.

The Bottom Line

You can never account for every single possible data loss scenario. Still, if you can create a sound business case for stepping up protection levels – and get everyone’s buy-in when implementing it – you’ll be able to considerably reduce the risks and give your organization the best chance of preventing data loss or downtime events.

About US Signal and the Author

US Signal is a provider of data center services, offering connectivity, cloud hosting, colocation, data protection, and disaster recovery solutions – all powered by its wholly owned and operated, robust, fiber network. US Signal also helps customers optimize their IT resources through managed and professional services. As VP of marketing and product development at US Signal, Amanda Regnerus defines and establishes strategic direction for marketing and product development plans.