Return on investment is difficult to work out, especially if your investment is to protect against a possible event that isn’t guaranteed to happen. This includes things like investing in cybersecurity software, taking out an insurance plan, paying for a product warranty and, of course, spending on physical security. You can't always predict these things.

However, there are ways to quantify security ROI which we’ll discuss throughout this blog. But remember, there’s also more than meets the eye regarding the benefits of manned guarding that can’t always be explained in numbers.

The ROSI calculation

The ROSI (return on security investment) calculation was created for companies to assess whether they're paying too much or, in most cases, too little to protect their premises and other assets.

In its most basic form, a return on investment calculation looks like this:

 ROI: Gain from investment - Cost of Investment / Cost of investment

Essentially, the ROI calculation allows organisations to use the benefit of hindsight to decide whether to continue investing or to invest more in security measures.

In the context of security, the equation looks like this:

 ROSI: Monetary loss reduction - Cost of the solution / Cost of the solution

Here, the cost of investment is replaced by the cost of a solution, meaning the amount of money paid to hire or install security measures. In some instances, this will be called the mitigation rate. Furthermore, gain from investment is swapped out for monetary loss reduction, calling for the amount of money saved by implementing security measures.

To complete both equations, organisations need to have historical data to understand what costs could have arisen if there weren’t robust measures in place.

However, this leaves firms with little insight if they’ve never paid for security before or indeed if they have some security in place but have never formally kept track of security loss.

Instead, firms can forecast their estimated loss using other figures, including single loss expectancy (SLE) and the annual rate of occurrence (ARO), to arrive at an annual loss expectancy (ALE).

 Single loss expectancy (SLE) The amount of money an organisation stands to lose from a single breach of security. For example, a singular burglary costs small businesses around £2,000 in the UK. Annual rate of occurrence (ARO) The predicted frequency of loss, vandalism or any other security breach that would incur costs. As a rough guide, there’s an average of 69.2 crimes every hour affecting businesses in England and Wales. Annual loss expectancy (ALE) By multiplying the SLE by the ARO, organisations will arrive at the annual loss expectancy, giving a total estimation of a yearly loss if no security measures were implemented.

The ALE figure gives organisations a clear-cut idea of whether hiring physical security is worth it.

Put simply, is there more money ‘in the pot’ as a result of spending on security? Or, does hiring security cost more than it would to recoup security breaches? (Tip, if you’re working with the right security supplier, it shouldn’t).

Going above and beyond the ROSI figure

While ALE and ROI figures are great for explaining security value to others and inputting individual figures into reporting, many security elements are ignored by dumbing it down to one set number.

Attacks you can't estimate

While the main benefit of security is undoubtedly to protect against attacks, there’s never any way to truly know the extent of such protection.

For example, an unprecedented organised attack (such as in the field of retail) could be planned in your industry or area that isn’t accounted for within your annual loss expectancy. Yet, you may avoid being the brunt of it as a result of having obvious security obstacles.

As an event that isn’t anticipated, its estimated loss, which is likely to be far greater than a petty crime, will never show up as a true gain, even though it could have been one of the greatest successes of a recent security solution.

The limits of the ROSI calculation

The ROSI calculation itself has some obvious drawbacks. For example, it’s difficult to predict the annual rate of occurrence and so input the monetary loss reduction as attack rates vary according to area and industry.

With most available data being nationwide, it’s always best to use your industry knowledge and insight to fill in the gaps and input the most realistic figures into the ROI calculation. This said, we’re relying on estimations to provide a more overarching estimate which in itself isn’t as scientific as is ideal.

The hidden value of physical security guards

What’s more, physical security guards have more value than the deterrent they provide to individual attacks. As trained professionals, they can help organisations find the root cause of common crimes, allowing for even greater intelligence and prevention of security issues.

Nevertheless, ROSI is the closest calculation we have to justify security spend and figure out if it’s time to switch from in-house solutions to a more comprehensive outsourced service.

Physical security budgets are often under the microscope as the ROI isn't always clear to observe. To overcome the challenges associated with proving security ROI, use our new physical security ROI calculator and toolkit to access Kingdom Security's recommended approach for assessing the ROI for physical security, technology and services.